(57) A digital work and a system context (or resource information or system resource) are polarized,
enabling trusted rendering or replay of the digital work without depolarization of the digital content. The
digital work includes digital content and resource information. Resource information may include information
used by a replay application to format or process the digital content. The digital work and system context
are polarized using a polarization scheme which relies on a polarization seed to initialize and customize the
polarization. Different types of polarization seeds may be used, including a random number, a user's system's
state or characteristic and a dynamic state-based polarization seed based on a dynamic system state or
characteristic.

Description
Copyright Notice 

[0001] A portion of the disclosure of this patent document contains material which is subject to copyright protection.
The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent
disclosure as it appears in the Patent and Trademark Office file or records, but otherwise reserves all copyright rights
whatsoever.

Related Application

[0002] This application is a continuation-in-part application of application no. 09/178,529 filed October 23, 1998.

Field of the Invention

[0003] The invention relates to document rights management, and more particularly, to a system and method for
polarization of digital works which enables blind replay of polarized digital works into clear presentation data.

Background of the Invention

[0004] One of the most important issues impeding the widespread distribution of digital documents or works via
electronic commerce is the current lack of protection of the intellectual property rights of content owners during the
distribution and use of those digital documents or works. Efforts to resolve this problem have been termed "Intellectual
Property Rights Management" ("IPRM"), "Digital Property Rights Management" ("DPRM"), "Intellectual Property
Management" ("IPM"), "Rights Management" ("RM"), "Digital Rights Management" ("DRM") and "Electronic Copyright
Management" ("ECM"). At the core of Digital Rights Management is the underlying issue of ensuring that only authorized
users may perform operations on digital documents or works that they have acquired. Once accessed, the content
must not be distributed or used in violation of the content owner's specification of rights.

[0005] A document or work, as the term is used herein, is any unit of information subject to distribution or transfer,
including but not limited to correspondence, books, magazines, journals, newspapers, other papers, software,
photographs and other images, audio and video clips, and other multimedia presentations. A document may be embodied
in printed form on paper, as digital data on a storage medium, or in any other known manner on a variety of media. A
digital work, as the term is used herein, is any document, text, audio, multimedia or other type of work or portion thereof
maintained in a digital form that can be replayed or rendered using a device or a software program.

[0006] In the world of printed documents, a work created by an author is usually provided to a publisher, which
formats and prints numerous copies of the work. The copies are then sent by a distributor to bookstores or other retail
outlets, from which the copies are purchased by end users.

[0007] While the low quality of copying and the high cost of distributing printed material have served as deterrents
to the illegal copying of most printed documents, it is far too easy to copy, modify, and redistribute unprotected
electronic documents. Accordingly, some method of protecting electronic documents is necessary to make it harder to
illegally copy them. This will serve as a deterrent to copying, even if it is still possible, for example, to make hardcopies
of printed documents and duplicate them the old-fashioned way.

[0008] With printed documents, there is an additional step of digitizing the document before it can be redistributed
electronically; this serves as a deterrent. Unfortunately, it has been widely recognized that there is no viable way to
prevent people from making unauthorized distributions of electronic documents within current general-purpose
computing and communications systems such as personal computers, workstations, and other devices connected over
local area networks (LANs), intranets, and the Internet. Many attempts to provide hardware-based solutions to prevent
unauthorized copying have proven to be unsuccessful.

[0009] Two basic schemes have been employed to attempt to solve the document protection problem: secure
containers (systems which rely on cryptographic mechanisms) and trusted systems.

[0010] Cryptographic mechanisms encrypt (or "encipher") documents that are then distributed and stored publicly,
and ultimately privately decrypted by authorized users. Cryptographic mechanisms provide a basic form of protection
during document delivery from a document distributor to an intended user over a public network, as well as during
document storage on an insecure medium. Many digital rights management solutions rely on encrypting the digital
work and distributing both the encrypted message and decryption key to the consumer's system. While different
schemes are employed to hide the decryption key from the consumer, the fact remains that all necessary information
is available for a malicious user to defeat the protection of the digital work. Considering that current general-purpose
computers and consumer operating systems provide little in the way of sophisticated security mechanisms, the threat
is both real and obvious.

[0011] A "secure container" (or simply an encrypted document) offers a way to keep document contents encrypted
until a set of authorization conditions are met and some copyright terms are honored (e.g., payment for use). After the
various conditions and terms are verified with the document provider, the document is released to the user in clear
form. Commercial products such as IBM's Cryptolopes and InterTrust's Digiboxes fall into this category. Clearly, the
secure container approach provides a solution to protecting the document during delivery over insecure channels, but
does not provide any mechanism to prevent legitimate users from obtaining the clear document and then using and
redistributing it in violation of content owners' intellectual property.

[0012] Cryptographic mechanisms and secure containers focus on protecting the digital work as it is being transferred
to the authorized user/purchaser. However, a digital work must be protected throughout its use from malicious users
and malicious software programs. Even if a user is a trusted individual, the user's system may be susceptible to attack.
A significant problem facing electronic commerce for digital works is ensuring that the work is protected on the target
consumer's device. If the protection for the digital work is compromised, valuable and sensitive information is lost. To
complicate matters, today's general-purpose computers and consumer operating systems are deficient in the areas of
security and integrity. Protecting the work throughout usage is a much more complex issue that remains largely
unsolved.

[0013] In the "trusted system" approach, the entire system is responsible for preventing unauthorized use and
distribution of the document. Building a trusted system usually entails introducing new hardware such as a secure
processor, secure storage and secure rendering devices. This also requires that all software applications that run on
trusted systems be certified to be trusted. While building tamper-proof trusted systems is still a real challenge to existing
technologies, current market trends suggest that open and untrusted systems such as PC's and workstations will be
the dominant systems used to access copyrighted documents. In this sense, existing computing environments such
as PC's and workstations equipped with popular operating systems (e.g., Windows and UNIX) and render applications
(e.g., Microsoft Word) are not trusted systems and cannot be made trusted without significantly altering their
architectures.

[0014] Accordingly, although certain trusted components can be deployed, users must continue to rely upon various
unknown and untrusted elements and systems. On such systems, even if they are expected to be secure, unanticipated
bugs and weaknesses are frequently found and exploited.

[0015] Conventional symmetric and asymmetric encryption methods treat messages to be encrypted as basically
binary strings. Applying conventional encryption methods to documents has some drawbacks. Documents are typically
relatively long messages; encrypting long messages can have a significant impact on the performance of any
application that needs to decrypt the document prior to use. More importantly, documents are formatted messages that rely
on appropriate rendering applications to display, play, print and even edit them. Since encrypting a document generally
destroys formatting information, most rendering applications require the document be decrypted into clear form before
rendering it. Decryption prior to rendering opens the possibility of disclosing the document in the clear after the
decryption step to anyone who wants to intercept it.

[0016] There are a number of issues in rights management: authentication, authorization, accounting, payment and
financial clearing, rights specification, rights verification, rights enforcement, and document protection. Document
protection is a particularly important issue. After a user has honored the rights of the content owner and has been permitted
to perform a particular operation with a document (e.g., print it, view it on-screen, play the music, or execute the
software), the document is presumably in-the-clear, or unencrypted. Simply stated, the document protection problem
is to prevent the content owner's rights from being compromised when the document is in its most vulnerable state:
stored, in the clear, on a machine within the user's control.

[0017] Even when a document is securely delivered (typically in encrypted form) from a distributor to the user, it must
be rendered to a presentation data form before the user can view or otherwise manipulate the document. Accordingly,
to achieve the highest level of protection, it is important to protect the document contents as much as possible, while
revealing them to the user at a late stage and in a form that is difficult to recover into a useful form.

[0018] In the known approaches to electronic document distribution that employ encryption, an encrypted document
is rendered in several separate steps. First, the encrypted document is received by the user. Second, the user employs
his private key (in a public key cryptosystem) to decrypt the data and derive the document's clear content. Finally, the
clear content is then passed on to a rendering application, which translates the computer-readable document into the
finished document, either for viewing on the user's computer screen or for printing a hardcopy. The clear content is
required for rendering because, in most cases, the rendering application is a third-party product (such as Microsoft
Word or Adobe Acrobat Reader) that requires the input document to be in a specific format. It should be appreciated,
then, that between the second and third steps, the previously protected document is vulnerable. It has been decrypted,
but is still stored in clear electronic form on the user's computer. If the user is careless or is otherwise motivated to
minimize fees, the document may be easily redistributed without acquiring the necessary permissions from the content
owner.

[0019] While no system is completely spoof proof or immune to attack, some recent techniques protect digital works
by limiting use of the digital work to a user-specified physical device. These techniques require the user to provide
private information or system state information from the system or physical device the user intends to use to render
the digital work. System state information is typically defined as system configuration information such as system
parameters, CPU identifier, device identifiers, NIC identifiers, drive configuration, etc. In these techniques, the digital
content is encrypted using a session key, then the session key, rather than using the user's encryption key, is encrypted
using a combination of the system or state information and the user's credentials. Then both the encrypted content
and key are transmitted to the destination repository. In order to use the received encrypted work, the user must contact
a trusted authorizing entity (usually a remotely located software program) which verifies the user's identity and
credentials, then together with system state, decrypts the session key and finally decrypts the content for use.

[0020] Commercial applications such as the secure Adobe Acrobat reader and the secure Microsoft MediaPlayer
validate usage of the digital work by checking a license voucher for the appropriate user credentials and usage rights.
Among the user credentials are system device identifiers such as the CPU identifier or certain device serial numbers.
At the time the user invokes an operation on the digital work, the application verifies if the specified device is present.
This provides assurance that the digital work has not been transmitted to an unauthorized user (actually to an
unauthorized device). While the programmatic check provides a minimal level of assurance, it depends on the security of
the secret, which resides on the user's device. Not only can the decryption key be violated, but also the device identifiers
themselves are particularly susceptible to the threat of spoofing.

[0021] The Acrobat Reader and MediaPlayer protection schemes operate by allowing the rendering application to
identify required devices on the user system as specified in the license voucher issued for the digital work. This provides
a level of protection adequate in many circumstances (i.e., if the user is trusted and the user's specified rendering
device is not susceptible to attack). The weakness of the schemes is that they are based on the assumption that neither
the protection of the cryptographic key nor the integrity of the license voucher will be compromised.

[0022] These techniques are really more of an authentication technique than a protection technique, in that once the
user's identity and credential information, system state information is verified or license voucher received, the content
is decrypted to its clear state and then becomes vulnerable to attack. The digital work is afforded no protection
throughout usage. Further, the user information approach is problematic in that it assumes the user will be sufficiently deterred
from passing along his/her personal information. In other words, for the user information approach to succeed there
must be severe consequences for users who would reveal their private identity and credential information.

[0023] A significant drawback to the schemes which tie authorization to a specific device is that they require the user
to divulge sensitive information (e.g., CPU number or other personal information) which raises a concern regarding
privacy issues. While the user divulges the information voluntarily (the user's only option if he/she does not wish to
divulge this information is not to receive the digital work) it would be desirable to provide a protection scheme that
could secure a digital work on a user's device without requiring private information. It would also be desirable to provide
a DRM solution which does not rely on the protection of the cryptographic key or the integrity of the license voucher.
It would be desirable to provide a DRM solution which delayed decryption of the digital content to the latest possible
moment.

[0024] Accordingly, it would be beneficial to provide an electronic document distribution scheme that minimizes the
disadvantages of known systems. Such a scheme would prevent users from obtaining a useful form of an
electronically-distributed document during the decryption and rendering processes.

Summary of the Invention 

[0025] A self-protecting document ("SPD"), according to the invention, is not subject to the above-stated
disadvantages of the prior art. By combining an encrypted document with a set of permissions and an executable code segment
that includes most of the software necessary to extract and use the encrypted document, the self-protecting document
accomplishes protection of document contents without the need for additional hardware and software.

[0026] The SPD system is broken down between a content creator (analogous to the author and the publisher of the
traditional model) and a content distributor. The author/publisher creates the original document, and decides what
rights are to be permitted. The distributor then customizes the document for use by various users, ensuring via the
customization that the users do not exceed the permissions they purchased.

[0027] At the user's system, the self-protecting document is decrypted at the last possible moment. In an embodiment
of the invention, various rendering facilities are also provided within the SPD, so that the use of the SPD need not rely
upon an external application that might not be trustworthy (and that might invite unauthorized use). In an alternative
embodiment, interfaces and protocols are specified for a third-party rendering application to interact with the SPD to
provide trusted rendering.

[0028] In one embodiment of the invention, the encrypted document is decrypted by the user's system while
simultaneously "polarizing" it with a key that is dependent, at least in part, on the state of the user's system. The polarization
may be cryptographically less secure than the encryption used for distribution, but serves to deter casual copying. In
this embodiment, depolarization is performed during or after the rendering process, so as to cause any intermediate
form of the document to be essentially unusable.

[0029] In another embodiment of the invention, a method of protecting a digital work uses a blind transformation
function to transform an encrypted digital work into encrypted presentation data. The originator's digital content is
protected in its original form by not being decrypted. This method enables the rendering or replay application to process
the encrypted document into encrypted presentation data without decrypting it first. Encrypted presentation data is
then decrypted just before it is displayed to the user. This method improves the overall performance of the process
(both decryption and rendering) by minimizing the decryption overhead (since pre-rendering decryption is generally
more time and resource consuming) and postponing the decryption to a late stage of the rendering process.

[0030] Blind transformation or blind computing can be accomplished in one of several ways. Most digital works include
formatting information, which when encrypted cannot be processed by the replay or rendering application (the
transformation function which transforms a digital work into presentation data). If the digital work is encrypted with a format
preserving encryption scheme, any transformation function may be used. This is particularly useful in that any
commercial replay or rendering application can process the encrypted digital work into encrypted presentation data.
Otherwise, the blind transformation function is a function of the original transformation function. For example, the blind
transformation function may be a polynomial of the original transformation function. Alternatively, both the blind
transformation function and the original transformation function may be any multivariate, integer coefficient affine function.

[0031] Not all encryption schemes are format preserving encryption schemes. Additive encryption schemes may be
used with all document types and all associated transformation functions. In some replay or render applications, for
some types of documents, portions of the format information may be left in the clear. In other types of documents all
of the format information may be encrypted. In some types of documents, an additive encryption scheme may be used
to encrypt the format information and any encryption scheme may be used to encrypt the content or data portion of
the document.

[0032] In particular, additive encryption schemes can be used to encrypt coordinate information of documents so
that some rendering transformations can be performed on the encrypted coordinate data. In a special class of
documents, token-based documents, for example, there are two places during the format-preserving encryption that use
encryption schemes: one is for coordinate or location information x and y of the particular tokens within the document,
and the other is for the dictionary of individual token images. In order to perform blind transformation on the individual
coordinates of the particular tokens in the document, the first encryption scheme must be an additive encryption
scheme. However, the token dictionary may be encrypted with any encryption scheme.
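
The property this paragraph relies on, as an added example (not code from the patent): a modular additive pad on token coordinates, used here as an assumed stand-in for the "additive encryption scheme", lets a renderer apply an integer-coefficient affine transformation to the encrypted location table, while an XOR pad does not commute with it. The function names, modulus, key and sample location table are constructed for illustration.

```python
"""Blind transformation of additively encrypted token coordinates (added example)."""

MODULUS = 2**32  # assumed coordinate space; every clear result must stay below it

# Constructed location table: (token id, x, y)
LOCATION_TABLE = [("T1", 10, 20), ("T2", 40, 20), ("T1", 10, 35)]
KEY = (123456789, 987654321)  # constructed per-axis pads (kx, ky)


def encrypt_table(table, key):
    """Additive scheme (assumption): E_k(v) = (v + k) mod MODULUS, one pad per axis."""
    kx, ky = key
    return [(tok, (x + kx) % MODULUS, (y + ky) % MODULUS) for tok, x, y in table]


def decrypt_table(table, key):
    """Inverse of encrypt_table for the given per-axis pads."""
    kx, ky = key
    return [(tok, (x - kx) % MODULUS, (y - ky) % MODULUS) for tok, x, y in table]


def affine(table, a, bx, by):
    """Rendering transformation T(v) = a*v + b with integer coefficients.

    The same function runs on clear or encrypted coordinates; it never sees a key.
    """
    return [(tok, (a * x + bx) % MODULUS, (a * y + by) % MODULUS)
            for tok, x, y in table]


def presentation_key(key, a):
    """T(E_k(v)) = a*v + b + a*k, so the pad left on the output is a*k."""
    kx, ky = key
    return ((a * kx) % MODULUS, (a * ky) % MODULUS)


def blind_render(table, key, a, bx, by):
    """Encrypt, transform blindly, then decrypt only the presentation coordinates."""
    encrypted = encrypt_table(table, key)
    encrypted_presentation = affine(encrypted, a, bx, by)
    return decrypt_table(encrypted_presentation, presentation_key(key, a))


def xor_blind_translate(x, k, dx):
    """Same pipeline with an XOR pad: translation does not commute with XOR,
    so the decrypted result generally differs from x + dx."""
    return ((x ^ k) + dx) ^ k


if __name__ == "__main__":
    print("blind :", blind_render(LOCATION_TABLE, KEY, 2, 5, 7))
    print("clear :", affine(LOCATION_TABLE, 2, 5, 7))
    print("xor   :", xor_blind_translate(1, 1, 1), "but x + dx =", 1 + 1)
```

With one pad per axis, the differences between encrypted coordinates equal the differences between clear coordinates, so the relative layout of tokens is visible to anyone holding the encrypted location table.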

[0033] An encrypted token dictionary may still leak information such as the sizes of the token images. If this is a
concern (such as if the token dictionary is small), the tokens can be padded with some extra bits before encryption.
The padding can result in encrypted token images of a same size or several fixed sizes. For a token-based document,
the coordinate information of the tokens in the dictionary may not be encoded. If it is desired that coordinate information
be encoded, say, as Huffman codewords, the same approach that is used to encrypt the identifiers can be used to deal
with this situation. Basically, the codewords in location tables are left in the clear, and the codewords in the codeword
dictionary are hashed using some one-way hash function and their corresponding coordinate information is encrypted.
During rendering the codewords in the location tables are first hashed and then used to look up their encrypted
coordinate information.

[0034] In another embodiment of the invention, a digital work and a system context (or resource information or system
resource) are polarized enabling trusted rendering or replay of the digital work without depolarization of the digital
content. In this embodiment, the digital work is of the type which includes digital content and resource information.
Resource information may include information used by a replay application to format or process the digital work into
presentation data. Resource information may include, for example, a collection of system resources available to the
replay software on a particular system, such as the Font Table, Color Palette, System Coordinates and Volume Setting.

[0035] Different types of digital works may be polarized. In addition to polarizing typical document type digital works,
audio and video digital works can be polarized. The digital work and system context are usually polarized at a
manufacturer or content owner's location using a polarization engine. A polarization engine is a component used to transform
the digital work and system context to their respective polarized forms. The polarization engine employs a polarization
scheme which relies on some polarization seed, an element used to initialize and customize the polarization engine.

[0036] Various polarization schemes may be used to polarize a digital work. For example, a stateless polarization
employs a random number as a seed to transform a digital work into a polarized digital work. A state-based polarization
scheme employs a seed based on a system state or characteristic of a system to transform a digital work into a polarized
digital work that is associated with that system state or characteristic. A dynamic state-based polarization scheme
employs a seed based on a dynamic system state or characteristic to transform a digital work into a polarized digital
work. In this embodiment, the polarized digital work will typically be provided with a polarization engine for repolarizing
the encoded digital work and the encoded system context according to the dynamic state-based polarization scheme
each time the system requests replay of the digital work. An authorization-based polarization scheme employs a seed
based on authorization information received from a trusted source to transform a digital work into a polarized digital
work. For further security, the polarized system context can be stored separately from the polarized digital work in a
removable context device, which must be coupled to the system prior to use of the digital work.

[0037] Preferably the polarization seed contains information which can be used to tie the particular digital work to
the ultimate end user or an ultimate end user system. Typically the owner or distributor will select the type of polarization
scheme to be used in polarizing the digital work and the type of polarization key to use depending on the value of the
digital work. Like encryption schemes, polarization schemes come in different levels of complexity and strength. When
a digital work is ordered, a copy of a portion of the digital work's resource information, called the system context, is
made. The polarization seed is selected and both the digital work and the system context are polarized. A different
polarization scheme may be used for the system context than is used for the digital work. However the polarization
seed is the same for both. The polarized digital work and polarized system context are then provided to the user for
replay or rendering on a replay or rendering system.

[0038] In the format preserving encryption and trusted rendering embodiment of the invention, protection is provided
until the encrypted presentation data must be decrypted into clear presentation data. In this embodiment of the
invention, the replay application uses the polarized resource information to transform a polarized digital work into clear
presentation data.

[0039] If only the digital content of a digital work is polarized, leaving the resource information unpolarized or in the
clear, the replay application will be able to process the polarized digital work into polarized presentation data. This
means a depolarizer must depolarize the presentation data into clear presentation data suitable for viewing or use by
the user. If a portion of a digital work's resource information is also polarized accordingly, when the replay application
transforms the polarized digital work, the replay application uses the polarized system resource information to transform
the polarized digital work into clear presentation data. All or just a portion of the required resource information may be
polarized. The replay is blind in that the replay application does not see the original, unpolarized digital content.

[0040] In this embodiment, a polarized digital work is transformed by the replay application using a polarized system
context (resource information) to create clear presentation data; the replay application can be any commercial or third
party application. The replay application need not be customized to depolarize the presentation data and no depolarizer
engine is required. The replay application operates as a blind replay system (it processes polarized digital content
using polarized system resources) and relies on a type of polarization which transforms or encodes the digital work
such that the ability to replay it using a software program or device is tied to a specific resource information, thus
protecting the content throughout use.
[0041] Unlike systems which employ encryption to protect the digital work and eventually decrypt the digital work
into its clear form before the digital work is provided to the replay application, the blind replay system keeps the digital
work encoded in the polarized form (there is no explicit decoding step in the blind replay) until the last possible moment
of the replay process. In the blind replay system, the polarized digital work itself is never depolarized in the clear. Since
presentation data is generally of a lesser quality than the original digital work, even if the presentation data is captured
in its clear form, it cannot be easily (if at all) transformed back into the original digital work.

[0042] Many different types of digital works and their resource information may be polarized and replayed in a blind
replay system. Digital works such as documents, text, audio files, graphics files and video files may be replayed in the
blind replay system of the invention by polarization of an appropriate resource information.

Brief Description of the Drawings

[0043] The structure and function of the invention is best understood with reference to the included drawings, which
may be described as follows:

FIGURE 1 is a top-level block diagram representing a model for the creation and commercial distribution of electronic documents in either secure or insecure environments;
FIGURE 2 is a flow diagram illustrating the decryption of protected electronic documents according to the art;
FIGURE 3 is a flow diagram illustrating the decryption of protected electronic documents according to a simple embodiment of the invention;
FIGURE 4 is a flow diagram illustrating the decryption of protected electronic documents according to a preferred embodiment of the invention;
FIGURE 5 is a functional block diagram illustrating the data structures present in a self-protecting document according to an embodiment of the invention;
FIGURE 6 is a flow diagram illustrating the creation and customization of a self-protecting document according to an embodiment of the invention;
FIGURE 7 is a flow diagram, from a user's perspective, illustrating the actions performed in handling and using a self-protecting document according to the invention;
FIGURE 8 is a graph illustrating several possible paths between an unrendered and encrypted document, and rendered and decrypted presentation data;
FIGURE 9 is a flow diagram illustrating a polarization process according to the invention in which document format information remains in the clear for rendering;
FIGURE 10 is a block diagram of a method of format preserving encryption and trusted rendering according to the invention;
FIGURE 11 is a simple example of a document to be tokenized;
FIGURE 12 is the token dictionary for the document of Fig. 11;
FIGURE 13 is the location table for the document of Fig. 11;
FIGURE 14 is a block diagram illustrating a process for generating a polarized digital work and polarized system resource according to the invention;
FIGURE 15 is a block diagram illustrating the conversion of a digital work into image data according to the art;
FIGURE 16 is a block diagram illustrating a system for blind replay of a polarized digital work according to the invention;
FIGURE 17 is a block diagram illustrating another system of blind replay of a polarized digital work according to the invention;
FIGURE 18 is a block diagram of an example structure of a digital document;
FIGURE 19 is an example digital document;
FIGURE 20 is an example of the digital document of Fig. 16 after it has been polarized;
FIGURE 21 is a block diagram of an example structure of a resource information or system context for a digital document;
FIGURE 22 is a block diagram of an example font table; and
FIGURE 23 is a block diagram of the font table of Fig. 22 after it has been polarized.

Detailed Description of the Preferred Embodiments 

[0044] The invention is described below, with reference to detailed illustrative embodiments. It will be apparent that the invention can be embodied in a wide variety of forms, some of which may be quite different from those of the disclosed embodiments. Consequently, the specific structural and functional details disclosed herein are merely representative and do not limit the scope of the invention.

[0045] Figure 1 represents a top-level functional model for a system for the electronic distribution of documents, which as defined above, may include correspondence, books, magazines, journals, newspapers, other papers, software, audio and video clips, and other multimedia presentations.

[0046] An author (or publisher) 110 creates a document's original content 112 and passes it to a distributor 114 for distribution. Although it is contemplated that the author may also distribute documents directly, without involving another party as a distributor, the division of labor set forth in Figure 1 is more efficient, as it allows the author/publisher 110 to concentrate on content creation, and not the mechanical and mundane functions taken over by the distributor 114. Moreover, such a breakdown would allow the distributor 114 to realize economies of scale by associating with a number of authors and publishers (including the illustrated author/publisher 110).

[0047] The distributor 114 then passes modified content 116 to a user 118. In a typical electronic distribution model, the modified content 116 represents an encrypted version of the original content 112; the distributor 114 encrypts the original content 112 with the user 118's public key, and modified content 116 is customized solely for the single user 118. The user 118 is then able to use his private key to decrypt the modified content 116 and view the original content 112.

[0048] A payment 120 for the content 112 is passed from the user 118 to the distributor 114 by way of a clearinghouse 122. The clearinghouse 122 collects requests from the user 118 and from other users who wish to view a particular document. The clearinghouse 122 also collects payment information, such as debit transactions, credit card transactions, or other known electronic payment schemes, and forwards the collected users' payments as a payment batch 124 to the distributor 114. Of course, it is expected that the clearinghouse 122 will retain a share of the user's payment 120. In turn, the distributor 114 retains a portion of the payment batch 124 and forwards a payment 126 (including royalties) to the author and publisher 110. In one embodiment of this scheme, the distributor 114 awaits a bundle of user requests for a single document before sending anything out. When this is done, a single document with modified content 116 can be generated for decryption by all of the requesting users. This technique is well-known in the art.

[0049] In the meantime, each time the user 118 requests (or uses) a document, an accounting message 128 is sent to an audit server 130. The audit server 130 ensures that each request by the user 118 matches with a document sent by the distributor 114; accounting information 131 is received by the audit server 130 directly from the distributor 114. Any inconsistencies are transmitted via a report 132 to the clearinghouse 122, which can then adjust the payment batches 124 made to the distributor 114. This accounting scheme is present to reduce the possibility of fraud in this electronic document distribution model, as well as to handle any time-dependent usage permissions that may result in charges that vary, depending on the duration or other extent of use.

[0050] The foregoing model for electronic commerce in documents, shown in Figure 1, is in common use today. As will be shown in detail below, it is equally applicable to the system and method set forth herein for the distribution of self-protecting documents.

[0051] Turning now to Figure 2, the steps performed by the user 118 (Figure 1) in a prior art system for electronic document distribution are shown. As discussed above, cryptographic mechanisms are typically used to encipher documents. Those encrypted documents are then distributed and stored publicly and deciphered privately by authorized users. This provides a basic form of protection during document delivery from a document distributor to an intended user over a public network, as well as during document storage on an insecure medium.

[0052] At the outset, an encrypted document 210 is received by the user 118 and passed to a decryption step 212. As is well known in the art, the decryption step 212 receives the user 118's private key, which is stored locally at the user's computer or entered by the user when needed. The document 210 is decrypted, resulting in clear content 216 similar or identical to the original content 112 (Figure 1).

[0053] The clear content 216 is passed to a rendering application 218, which constructs presentation data 220, or a usable version of the document's original content 112. In typical systems of this kind, the presentation data 220 is data immediately suitable for display on a video screen, for printing as a hardcopy, or for other use depending on the document type.

[0054] As discussed above, the document is vulnerable in systems like this. The clear content 216 can be copied, stored, or passed along to other users without the knowledge or consent of the distributor 114 or the author/publisher 110. Even a legitimate user may be tempted to minimize the licensing fees by capturing the document in the clear in order to redistribute and use it at will, without honoring the intellectual property of the content owners. As discussed above, the present invention is directed to a scheme for preventing such a user from obtaining a useful form of the document during the rendering process on the user's system.

[0055] Accordingly, the system and method of the present invention sets forth an alternative scheme for handling encrypted documents at the user 118's system. A simple embodiment of this scheme is illustrated in Figure 3.

[0056] Figure 3 looks similar to Figure 2, in that an encrypted document 310 is passed to a decryption step 312 (which uses a private key 314) and a rendering application 316, resulting in presentation data 318. However, an additional layer of protection is provided by a protecting shell 320. The protecting shell 320 allows the document 310 to be decrypted and rendered without ever leaving clear content (as in the clear content 216 of Figure 2) available to be intercepted. This is accomplished by including decryption and rendering elements within the document 310, as will be described below with reference to Figure 5. The included decryption and rendering elements are adapted to limit the user's interaction with the SPD, prohibiting certain operations (such as saving the document or performing cut-and-paste operations) according to the user's permissions.

[0057] Figure 4 is a more sophisticated version. The scheme of Figure 4 includes an intermediate "polarization" step adapted to secure the document after it has been decrypted but before it is rendered. First, the encrypted document contents 410 are passed to a polarizer 412. The polarizer 412 receives the user's private key 414 and, via a decryption step 416, decrypts the document contents 410. Concurrently, the polarizer 412 receives a polarization key 418 from the user's system.

[0058] This polarization key 418 is used by the polarizer 412 to transform the document to a version having polarized contents 420. All of these operations can take place in the open, without any kind of protective mechanism, provided the polarizer 412 does not store a clear version of the document between decrypting it and polarizing it.

[0059] In one embodiment of the invention, the polarization key 418 represents a combination of data elements taken from the user's system's internal state, such as the date and time of day, elapsed time since the last keystroke, the processor's speed and serial number, and any other information that can be repeatably derived from the user's system. It is useful to include some time-derived information in the polarization key 418 so that interception and seizure of polarized contents 420 would not be useful. Further rendering of the polarized document would not be possible, as the system time would have changed too much.

[0060] Then, once again within a protecting shell 422, the polarized contents 420 are passed to a rendering application 424. As discussed above, typical rendering applications are third-party applications such as Microsoft Word or Adobe Acrobat Reader. However, it is likely that such external rendering applications will not be able to process the polarized contents 420, as the contents, any formatting codes, and other cues used by the renderer will have been scrambled in the polarization process.

[0061] Hence, the rendering application 424 must be commutative (or at least fault-tolerant), or it must receive polarized contents 420 that are largely complete and processable by the application. The latter possibility will be discussed below, in connection with Figure 9.

[0062] The output of the rendering application is polarized presentation data 426, which has been formatted by the rendering application 424 but is still polarized, and hence not readable by the user. The polarized presentation data 426 is passed to a depolarizer 428, which receives the polarization key 418 and restores the original form of the document as presentation data 430. In one embodiment of the invention, the depolarization function is combined with the rendering or display function. In this case, the polarized presentation data 426 is received directly by a display device, which can be separate from the user's system and receive data over a communications channel.

[0063] Creation of the polarization key 418, the rendering application 418, and the depolarization step 428 are all elements of the protecting shell 422; these are tamper-resistant program elements. It is contemplated that all computational (or transformation) steps that occur within the protecting shell 422 will use local data only, and will not store temporary data to any globally accessible storage medium or memory area; only the explicit results will be exported from the protecting shell 422. This approach will prevent users from easily modifying operating system entry points or scavenging system resources so as to intercept and utilize intermediate data.

[0064] It should be noted that the presentation data 430 of Figure 4, in alternative embodiments of the invention, can be either device independent or device dependent. In the device-independent case, additional processing by a device driver (such as a display driver or a printer driver) typically is necessary to complete the rendering process. In the presently preferred device-dependent case, the device-specific modifications to the presentation data have already been made (either in the rendering application 424 or the depolarizing step 428), and the presentation data 430 can be sent directly to the desired output device.

[0065] The decryption schemes described with reference to Figures 3 and 4 above are enabled by a unique document structure, which is shown in detail in Figure 5. As discussed above, certain operations performed by the system and method of the invention require trusted components. One way to ensure that certain unmodified code is being used to perform the trusted aspects of the invention is to provide the code along with the documents. The various components of a self-protecting document according to the invention are illustrated in Figure 5.

[0066] The problem of document protection is approached by the invention without any assumptions on the presence of trusted hardware units or software modules in the user's system. This is accomplished by enhancing a document to be an active meta-document object. Content owners (i.e., authors or publishers) attach rights to a document that specify the types of uses, the necessary authorizations and the associated fees, and a software module that enforces the permissions granted to the user. This combination of the document, the associated rights, and the attached software modules that enforce the rights is the self-protecting document ("SPD") of the invention. A self-protecting document prevents the unauthorized and uncontrolled use and distribution of the document, thereby protecting the rights of the content owners.

[0067] The self-protecting document 510 includes three major functional segments: an executable code segment 512 contains certain portions of executable code necessary to enable the user to use the encrypted document; a rights and permissions segment 514 contains data structures representative of the various levels of access that are to be permitted to various users; and a content segment 516 includes the encrypted content 116 (Figure 1) sought to be viewed by the user.

[0068] In a preferred embodiment of the invention, the content segment 516 of the SPD 510 includes three subsections: document meta-information 518 (including but not limited to the document's title, format, and revision date), rights label information 520 (such as a copyright notice attached to the text, as well as rights and permissions information), and the protected content 520 (the encrypted document itself).

[0069] In one embodiment of the invention, the rights and permissions segment 514 includes information on each authorized user's specific rights. A list of terms and conditions may be attached to each usage right. For example, user John Doe may be given the right to view a particular document and to print it twice, at a cost of $10. In this case, the rights and permissions segment 514 identifies John Doe, associates two rights with him (a viewing right and a printing right), and specifies terms and conditions including the price ($10) and a limitation on printing (twice). The rights and permissions segment 514 may also include information on other users.

[0070] In an alternative embodiment, the rights and permissions segment 514 includes only a link to external information specifying rights information. In such a case, the actual rights and permissions are stored elsewhere, for example on a networked permission server, which must be queried each time the document is to be used. This approach provides the advantage that rights and permissions may be updated dynamically by the content owners. For example, the price for a view may be increased, or a user's rights may be terminated if unauthorized use has been detected.

[0071] In either scenario, the rights and permissions segment 514 is cryptographically signed (by methods known in the art) to prevent tampering with the specified rights and permissions; it may also be encrypted to prevent the user from directly viewing the rights and permissions of himself and others.

[0072] The executable code segment 512, also called the "SPD Control," also contains several subsections, each of which comprises a software module at least partially within the executable code segment. In one embodiment of the invention, the Java programming language is used for the SPD Control; however, it is contemplated that any platform-independent or platform-specific language, either interpreted or compiled, can be used in an implementation of this invention.
[0073] A rights enforcer 524 is present to verify the user's identity, to compare a requested action by the user to those actions enumerated in the rights and permissions segment 514, and to permit or deny the requested action depending on the specified rights. The operation of the rights enforcer 524 will be discussed in further detail below, in connection with Figure 7.

[0074] A secured polarization engine 526 is also present within the executable code segment 512; it serves to read and polarize the data according to the system state (or other polarization key) as discussed above. In a preferred embodiment of the invention, the polarization engine 526 acts upon the document before it is stored or decrypted, so the document is never stored in the clear on the user's system. The polarization engine 526 is secured, that is, it is cryptographically signed and encrypted, to prevent tampering, reverse-engineering, and disassembling.

[0075] A counterpart depolarization engine 528 is also included to enable the generation of clear presentation data from the polarized content (see Figure 4). The depolarization engine includes a set of secure window objects, providing a relatively tamper-proof interface to the rendering API (application program interface) of the user's system. The secure window objects are resistant to being intercepted, thereby reducing the possibility that the document, in its clear form, can be reconstructed by intercepting and receiving the data intended for the operating system.

[0076] A counterpart depolarization engine 528 is also included to enable the generation of clear presentation data from the polarized content (see Figure 4). The depolarization engine 528 provides a relatively tamper-proof interface to the logical or physical output device (e.g., the user's display device). The input to the depolarization engine 528 is polarized presentation data. Therefore, if that data is intercepted, it will not reveal any of the clear content without further depolarization which depends on, for example, the user's system state.

[0077] A secure viewer 530 is optionally included in the executable code segment 512. The secure viewer 530 is used to permit only those levels of access that are permitted according to the rights and permissions segment 514. For example, if the user purchased only sufficient rights to view a document (and not to save or print it), the viewer will not permit the user to save, print, or perform the standard cut-and-paste operations possible in most modern operating systems.

[0078] Finally, a rendering engine 532 is included or referenced within the executable code segment 512. The rendering engine 532 need not be secure. Accordingly, the code for the rendering engine 532 can be included within the SPD applet, or alternatively retrieved (via a secure link) from some other location. In either case, the rendering engine 532 is adapted to receive polarized document contents and produce polarized presentation data therefrom (see Figure 4).

[0079] The foregoing aspects and elements of the self-protecting document 510 will be discussed in further detail below, in conjunction with the operation of the system.

[0080] Figure 6 shows the steps performed when a self-protecting document 510 is created and distributed. A generic SPD 610 includes no user-specific rights information and is not encrypted for any particular user. The generic SPD 610 is created from three items: the original document content 612, in clear (unencrypted) form; a high-level rights specification 614; and an optional watermark 616.

[0081] The content 612 is pre-processed (step 618) to lay out the document as desired by the author or publisher. For example, a preferred page size, font, and page layout may be selected. The content 612 is essentially "pre-rendered" in the content pre-processing step so that it will be in a format that is compatible with users' systems and the SPD. For example, the content 612 may be converted from Microsoft Word (".DOC") or Adobe Acrobat (".PDF") format to a different format specially adapted to be read by the rendering engine 532 (Figure 5). In one embodiment of the invention, multiple versions of the content 612 are generated by the content pre-processing step and stored in the generic SPD 610; those different versions may then be separately purchased by the user according to his needs.

[0082] The high-level rights specification 614 sets forth what combinations of access rights are permissible. Such a rights specification is tailored to a particular document, and is capable of describing different groups of rights for different classes of downstream users. For example, a publisher may be given the right to distribute up to 100,000 copies of a document at a $1.00 per copy royalty, with additional copies yielding a $2.00 royalty. Similarly, users may be given the option to purchase a version of the document that "times out" after one month, one year, or never. Several possible limitations are described with reference to a detailed example, which is set forth below.

[0083] Digital Property Rights Language (DPRL) is a language that can be used to specify rights for digital works. It provides a mechanism in which different terms and conditions can be specified and enforced for rights. Rights specifications are represented as statements in DPRL. For details, see, for example, U.S. Patent No. 5,715,403 to Stefik, entitled "System for Controlling the Distribution and Use of Digital Works Having Attached Usage Rights Where the Usage Rights are Defined by a Usage Rights Grammar." Enforcement of rights and verification of conditions associated with rights is performed using the SPD technology.

[0084] Different rights can be specified for different parts of a digital work using a "work" specification. Within a work specification, different sets of rights applicable to this work are specified. Rights can be grouped into named groups called "rights groups". Each right within a rights group is associated with a set of conditions. Conditions can be of different types: fee to be paid, time of use, type of access, type of watermark, type of device on which the operation can be performed, and so on. DPRL allows different categories of rights: transfer, render rights, derivative work rights, file management rights and configuration rights. Transport rights govern the movement of a work from one repository to another. Render rights govern the printing and display of a work, or more generally, the transmission of a work through a transducer to an external medium (this includes the "export" right, which can be used to make copies in the clear). Derivative work rights govern the reuse of a work in creating new works. File management rights govern making and restoring backup copies. Finally, configuration rights refer to the installation of software in repositories.

An exemplary work specification in DPRL is set forth below:



    (Work:
      (Rights-Language-Version: 1.02)
      (Work-ID: "ISDN-1-55860-166-X; AAP-2348957tur")
      (Description: "Title: 'Zuke-Zack, the Moby Dog Story'
                     Author: 'John Beagle'
                     Copyright 1994 Jones Publishing")
      (Owner: (Certificate:
                (Authority: "Library of Congress")
                (ID: "Murphy Publishers")))
      (Parts: "Photo-Celebshots-Dog&-23487g5" "Dog-Breeds-Chart-AKC")
      (Comment: "Rights edited by Pete Jones, June 1996.")
      (Contents: (From: 1) (To: 16635))
      (Rights-Group: "Regular"
        (Comment: "This set of rights is used for standard retail editions.")
        (Bundle:
          (Time: (Until: 1998/01/01 0:01))
          (Fee: (To: "Jones-PBLSH-18546789") (House: "Visa")))
        (Play:
          (Fee: (Metered: (Rate: 1.00 USD) (Per: 1:0:0) (By: 0:0:1))))
        (Print:
          (Fee: (Per-Use: 10.00 USD))
          (Printer:
            (Certificate:
              (Authority: "DPT")
              (Type: "TrustedPrinter-6")))
          (Watermark:
            (Watermark-Str: "Title: 'Zeke Zack - the Moby Dog' Copyright
                             1994 by Zeke Jones. All Rights Reserved.")
            (Watermark-Tokens: user-id institution-location render-name
                               render-time)))
        (Transfer:)
        (Copy: (Fee: (Per-Use: 10.00 USD)))
        (Copy: (Access:
                 (User: (Certificate:
                          (Authority: "Murphy Publishers")
                          (Type: "Distributor")))))
        (Delete:)
        (Backup:)
        (Restore:
          (Fee: (Per-Use: 5.00 USD)))))



[0085] This work specification has a rights group called "Regular," which specifies rights for standard retail editions of a book titled "Zuke-Zack, the Moby Dog Story." The work specification expresses conditions for several rights: play, print, transfer, copy, delete, backup, and restore. The work in the example includes two other parts, a photograph and a chart of breeds incorporated from other sources. A "bundle" specification bundles a set of common conditions that apply to all rights in the group. This specification states that all rights in the group are valid until January 1, 1998 and that the fee should be paid to account "Jones-PBLSH-18546789". The clearing-house for this transaction should be Visa. The following contract applies: the work can be played by paying $1.00 every hour, where fee is accumulated by the second; the work can be printed on TrustedPrinter-6 which is certified by "DPT" for a fee of $10.00 per print; the printed copy should have a watermark string (as depicted) and a list of tokens signifying "fingerprint" information known at the time it is printed; this work can be copied either by paying $10.00 or by acquiring a distributor certificate from Murphy publishing; and unrestricted transfer, deletion or backing up of this work is permitted (restoration costs $5.00).

[0086] The high-level rights specification 614 is also subject to a pre-processing step (step 620), in which the high-level (i.e., human-readable) specification is compiled into a more-efficient data structure representation for use by the invention.

[0087] The generic SPD 610 is then created (step 622) by combining the pre-processed content 612, the pre-processed rights specification 614, and the watermark 616. A watermark may be added by any means known in the art; it may be either visible or concealed within the SPD. The generic SPD 610 may also optionally be encrypted by the author/publisher 110 for transmission to the distributor 114 (Figure 1).

[0088] The generic SPD 610 is then received by the distributor 114, and is stored for later customization. When a user request 624 is received by the distributor 114 (either directly or through the clearinghouse 122 or other intermediary), the distributor 114 creates a set of user permissions (step 626) that is consistent with both the user request 624 and the rights specification 614. If there is no such consistent set of permissions, then no further action is performed on that user's behalf (other than an optional notification message to the user).

[0089] The user permissions and the user's public key 628 are then used to generate (step 630) a customized SPD 632 adapted to be used by the user. The user permissions from step 626 are stored in the rights and permissions segment 514 of the SPD 632, and the user's public key 628 is used to encrypt the content in the content segment 516 of the SPD 632. A public-key encryption mechanism can be used to transform the SPD from the generic form to the customized SPD 632. Such a mechanism is useful if the SPD has to be confidentially transferred between different parties, e.g., author to publisher to retailer to consumer, with rights protection at each stage. It should further be noted that multiple user requests can be composed and accommodated within a single SPD 632; there are techniques known in the art that are capable of using multiple public keys to encrypt a document such that any of the users' private keys can be used to decrypt it.
[0090] The resulting custom SPD 632 is then transmitted to the user 118 by any available means, such as via a computer network or stored on a physical medium (such as a magnetic or optical disk).

[0091] The operations performed when a user receives an SPD are depicted in the flow diagram of Figure 7. The SPD is first received and stored at the user's system (step 710); in many cases, it is not necessary to use the SPD right away. When usage is desired, the user is first authenticated (step 712), typically with a user name and a password or key. The system then determines what action is desired by the user (step 714). When an action is chosen, the rights-enforcement step of the invention (step 716) verifies the conditions associated with the desired action (such as the fee, time, level of access, watermark, or other conditions); this can be performed locally via the SPD applet 512 (Figure 5) or by accessing a rights enforcement server.

[0092] If the rights enforcement step (step 716) fails, an update procedure (step 718) is undertaken. The user may choose to update his permissions, for example by authorizing additional fees. After the satisfactory verification of conditions, a pre-audit procedure (step 718) is performed, in which the SPD system logs verification status to a tracking service (e.g., the audit server 130 of Figure 1). The content is then securely rendered to the screen (step 722) as discussed above. When the user is finished, a post-audit procedure (step 724) is performed in which the amount of usage is updated with the tracking service. The SPD system then awaits further action.
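The rights-enforcement flow of paragraphs [0091] and [0092], applied to the John Doe permissions of paragraph [0069] and the signed segment of paragraph [0071], as an added example that is not part of the patent text. The key, the segment layout, the class and function names are assumptions, and an HMAC stands in for the signing method the text leaves to "methods known in the art".

```python
import hashlib
import hmac
import json

# Assumption: an HMAC key stands in for the unspecified signing method. A deployed
# enforcer would verify a public-key signature, so that the verifying side holds
# no secret capable of forging a segment.
SIGNING_KEY = b"constructed-demo-key"

# Constructed rights and permissions segment for the John Doe example:
# a viewing right and a printing right, price $10, printing limited to twice.
JOHN_DOE_PERMS = {
    "John Doe": {
        "price_usd": 10.00,
        "rights": {"view": {}, "print": {"max_uses": 2}},
    }
}


def _mac(perms):
    """MAC over a canonical serialization, so key order cannot change the tag."""
    body = json.dumps(perms, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()


def sign_segment(perms):
    return {"perms": perms, "sig": _mac(perms)}


def segment_is_authentic(segment):
    return hmac.compare_digest(_mac(segment["perms"]), segment["sig"])


class RightsEnforcer:
    """Compares a requested action with the enumerated rights, then audits it."""

    def __init__(self, segment, audit_log):
        if not segment_is_authentic(segment):
            raise ValueError("rights segment failed signature check")
        self.perms = segment["perms"]
        self.audit_log = audit_log          # stands in for the tracking service
        self.uses = {}                      # (user, action) -> completed uses

    def request(self, user, action, authorized_usd):
        entry = self.perms.get(user)
        if entry is None:
            return self._deny(user, action, "unknown user")
        right = entry["rights"].get(action)
        if right is None:
            return self._deny(user, action, "right not granted")
        if authorized_usd < entry["price_usd"]:
            return self._deny(user, action, "fee not authorized")
        used = self.uses.get((user, action), 0)
        limit = right.get("max_uses")
        if limit is not None and used >= limit:
            return self._deny(user, action, "usage limit reached")
        # Pre-audit: log the verification status before anything is rendered.
        self.audit_log.append(("pre-audit", user, action, "verified"))
        # Secure rendering of the content would take place here.
        self.uses[(user, action)] = used + 1
        # Post-audit: report the updated amount of usage.
        self.audit_log.append(("post-audit", user, action, used + 1))
        return "granted"

    def _deny(self, user, action, reason):
        # A denial is where the update procedure (e.g. authorizing more fees) starts.
        self.audit_log.append(("denied", user, action, reason))
        return "denied: " + reason


if __name__ == "__main__":
    log = []
    enforcer = RightsEnforcer(sign_segment(JOHN_DOE_PERMS), log)
    for act in ("view", "print", "print", "print", "save"):
        print(act, "->", enforcer.request("John Doe", act, 10.00))
    print(len(log), "audit records")
```

The usage counter here lives in process memory; the text's post-audit step exists precisely because a count kept only on the user's system can be reset.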

[0093] The protection yielded by the SPD is derived from the user's inability to capture a useful form of the document at any intermediate stage during the rendering process. This is accomplished by decrypting the document contents to a clear form at the latest possible stage, ideally in the last step.

[0094] The SPD decryption model is illustrated in Figure 8. E denotes the encryption function performed by the publisher; D denotes the decryption performed at the user's system, and R denotes the rendering transformation. Many prior systems use a first sequence of transformations 810, D(E(x)) followed by R(D(E(x))). As stated previously, the early decryption leaves the document in a vulnerable state. Ideally, the transformations are performed in the reverse order 812, R'(E(x)) followed by D(R'(E(x))). This postpones decryption to the latest possible time.

[0095] The existence of R', a rendering operation that can be performed before decryption, is determined by the following equality:

    D(R'(E(x))) = R(D(E(x)))

In case that the encryption and decryption functions are commutative, that is, E(D(x)) = D(E(x)) for any x, the existence of R' is ensured:

    R'(y) = E(R(D(y))) for y = E(x)

In practice, encryption and decryption functions in popular public-key cryptographic systems such as the RSA system and ElGamal discrete logarithm system satisfy the commutation requirement. This means that the transformation R' exists if these cryptographic systems are used for encryption and decryption.

[0096] The path x' = D(R'(E(x))) portrays an ideal SPD solution to the document protection against unauthorized document usage and distribution. A scenario of distributing and using a document can be described as follows. When a user purchases the document, the document is encrypted using a user's public information and is transmitted over an insecure network channel such as the internet. The encrypted document has the rights information attached to it and a protecting applet 512 that enforces the rights and permissions granted to the user by the content owner. Upon a user's request on using the document, the applet verifies the rights and permissions and generates from the encrypted document the presentation format of the original document. As any intermediate form of the document before the final presentation data is encrypted with the user's private information, the SPD model of document protection ensures that any intermediate form of the document is not useful to other systems wherever it is intercepted.
[0097] Cleariy, this kieal model relies on whether or not the transfonnation R* that con-esponds to the rendering 
transformation R can be computed efficiently, and in partksular on whether or not an invocation of the decryption function 
so D is necessary during an implementatk>n of R". A trivial case in which R* can be implemented efficiently is where R is 
commutative with the encryption function E. When this happens, 

R'(y) = E(R(D(y))) = R(E(D(y))) = R(y) 

55 

. for y = E(x). In this case, R* = R. 
[0098] Consideration of Figure 8 reveals that many intermediate solutions (e.g., intermediate solutions 814, 816,
and 818) to the document protection problem may exist on the user's system between the two extremes x' = R(D(E(x))),
which has no protection on x = D(E(x)), and x' = D(R'(E(x))), which has ideal protection (under the assumptions
set forth above). As depicted in Figure 8, one may consider different paths from the encrypted document E(x) to the
presentation data x' that correspond to different combinations of partial rendering transformations and partial decryption
transformations. Again, it should be recognized that delaying the decryption D in any path increases the protection
level to the document.

[0099] As discussed above, one alternative method of delaying decryption to the last possible moment employs a
polarization technique that encrypts only the document contents, not the format or the entire document as a whole.
This possibility is shown in Figure 9. Beginning with the clear document content 910 (which, it should be noted, does
not exist in any single identifiable location during the user's processing, but is rather a transient state occurring within
step 412 of Figure 4), the document is split (step 912) into a data portion 914 and a format portion 916. The data portion
914 is polarized (step 918) using the polarization key 920 and merged (step 922) with the clear format portion 916.
This results in polarized content 924 that can be rendered to polarized presentation data without first decrypting the
content. It should be observed that this form of polarization is likely less secure than wholesale encryption with the
polarization key, since a lot of information can potentially be derived from the layout of a document, word lengths, line
lengths, etc.; however, this scheme will present a useful deterrent to casual copyright infringement.
[0100] A method of protecting a digital work during replay which employs a blind transformation function is shown
with reference to Figure 10. In Figure 10, an encrypted digital work 1010 is provided to replay application 1012. Digital
work 1010 has been encrypted with a format preserving encryption scheme which enables replay application 1012 to
generate encrypted presentation data 1016. Encrypted presentation data 1016 is then sent to decryption engine 1018
where it is decrypted into clear presentation data 1020. Presentation data is now in the clear, but less likely to be
regenerated into the original digital form. If presentation data 1020 can be viewed or used directly by the user, then no
further processing is required. However, sometimes an additional rendering is required by a display system such as a
printer. In such a case, presentation data 1020 is provided to the display system's rendering application (in the case
of a printer this could be a decomposer) 1022 which generates image data 1024. Image data 1024 is then provided
to display device 1026.

[0101] In a general context, the problem of blind transformation can be stated as follows. Suppose a client Cathy
wants a server Steve to compute for her a function value F(a,x) with his (public or private) data a and her private data
x, and Cathy wishes, for privacy concerns, that the transformation is done without Steve knowing her private data x
and the function value F(a,x). From Steve's point of view, this means that he computes F(a,x) for Cathy but with his
eyes blindfolded. What this means is that Cathy would like the server Steve to perform the transformation only with
data E_k(x) encrypted using Cathy's key k, and return to her the function value E_k(F(a,x)) again encrypted using her key
k. If Steve can perform the transformation using encrypted data, then Cathy has avoided disclosing the data x in the
clear and the result F(a,x) in the clear. The ideal model of blind transformation with partially encrypted data is shown
below:

    (a, x)   ------ E_k ------>   (a, E_k(x))
      |                                |
      | F                              | F'
      v                                v
    F(a, x)  <--- D_{k^-1} ----   F'(a, E_k(x))

The function F' that makes the diagram commute is what Steve really computes, and the transformation result
F'(a, E_k(x)) = E_k(F(a,x)) is ready for decryption to reveal the desired function value F(a,x). As Steve does not "see" the clear
data x as well as the function value F(a,x), he carries out a "blind" transformation for Cathy.
[0102] A protocol for blind transformation can be described as follows for the blind evaluation of the function F(a,x):

(i) Cathy encrypts x using her encryption key k, resulting in E_k(x).

(ii) Cathy sends E_k(x) to Steve.

(iii) Steve evaluates the modified version F' of the function F at the clear data a and encrypted data E_k(x).

(iv) Steve returns the result F'(a, E_k(x)) back to Cathy.

(v) Cathy decrypts F'(a, E_k(x)) using her decryption key k^-1 and obtains F(a,x).

[0103] The ideal model of blind transformation introduced here can be regarded as a generalization of blind signatures
and instance hiding. Blind transformation now allows partially encrypted data as input and, more importantly, it permits
the function F' that the server computes to be possibly different from the intended function F. By computing F' instead
of F, the server, though still blindfolded, is aware of the input being partially encrypted and hence is cooperative with
the client. The blind transformation and secure mobile computing share a common goal in keeping the function value
that the server computes private to the client, but they differ in that the client supplies the data input and the server
supplies (a program that evaluates) the function in blind transformation, while it is the other way around in secure
mobile computing. Note that blind transformation allows some portion of the data (e.g., a) to be in clear. This enables
use of some dynamic yet clear data in the rendering process, such as display window size, reference positions for
shifting content, scaling factor and coefficients in a rotation operation.

[0104] Blind transformation works only if there exist functions F and F' to compute the encrypted data. It can be
shown that multivariate, integer coefficient affine functions using additive encryption schemes permit many document
rendering functions of the affine type on the x- and y-coordinates to be evaluated in blind transformation. For a given
encryption scheme S, a function F: X → X is said to be S-blindly computable if there exists some function F': X → X
such that the computational complexity for evaluating F' is a polynomial of the one for evaluating F, and

F(a,x) = D_{k^-1}(F'(a, E_k(x)))

for any k ∈ K and x ∈ X. A function F: X → X is said to be blindly computable if there exists an encryption scheme S
with X being a subset of its message space such that F is S-blindly computable.

[0105] Any multivariate, integer-coefficient affine function is S-blindly computable for any additive encryption scheme.
Specifically, let



be a multivariate affine function with a constant x_0 ∈ X, integer coefficients a_i and variables x_1, ... x_k in X. Then, for
any key k ∈ K, there exists a computationally efficient function



such that

Indeed, the constant y_0 and integer coefficients b_i in F' can be taken to be y_0 = E_k(x_0), b_i = a_i, 1 ≤ i ≤ k. The
blind transformation of multivariate, integer coefficient affine functions using additive encryption schemes allows many
document rendering functions of the affine type on the x- and y-coordinates to be evaluated in the blind manner,
providing a theoretical foundation for the format-preserving encryption and trusted rendering of documents described
herein.

[0106] A document is usually a message that conforms to a certain format. For document encryption, in addition to
simply encrypting the entire document, there are many different ways to encrypt only some parts of the document. The
goal here is that the information leakage about the unencrypted portion cannot be used, or if it does leak, it is
computationally difficult to reconstruct the clear, original document.

[0107] If an encryption scheme is used which preserves formatting information of the digital work, then any transformation
function (replay application or rendering application) may be used. An example of a format preserving encryption
method is described for convenience with reference to token-based documents. The method for format-preserving
encryption can be easily extended or applied to documents in other formats (such as HTML/XML, Microsoft WORD, Acrobat
PDF, etc.). In a token-based format such as the Xerox DigiPaper, each page image of a document is represented as
a "dictionary" of token images (such as characters and graphics elements) and location information (indicating where
those token images appear in the page). Thus, multiple occurrences of the same token in the document can be
represented using just a single image of that token in the dictionary.

[0108] The process of rendering a document in such a format is then accomplished by consecutively reading in token
locations, retrieving images of the tokens from the dictionary and drawing the images at the specified locations. The
benefits of token-based documents are compact file size and fast rendering speed for use in distributing, viewing and
printing of electronic documents. In the DigiPaper format, tokens are stored as binary images using the CCITT Group
4 compression format, or as color images using JPEG compression, and the position information of the tokens is further
compressed using Huffman coding.

[0109] For convenience, a token-based document D of P pages is formally modeled as a table (dictionary) of tokens
T of size |T|, together with a sequence of P tables of locations L_i of size |L_i| (1 ≤ i ≤ P), representing the P page images.
Each entry T[j], 1 ≤ j ≤ |T|, is a pair (id[j], t[j]) of an identifier id[j] and an image t[j] of the j-th token. Each entry L_i[k],
1 ≤ k ≤ |L_i|, in the i-th image location table L_i is a triple (id[k], x[k], y[k]) representing the k-th token occurrence in the i-th
page image, where id[k] is the token identifier, and x[k], y[k] are its x- and y-coordinate differences from the previous
(k-1)-th token occurrence in the page. For example, take the simple document shown in Figure 11. The token dictionary
and location table (using x, y coordinates) for this document are shown in Figures 12 and 13 respectively.
[0110] The schematic pseudo-code Render(D) below shows how page images of a document D are rendered. In
the code, x_0, y_0 are the base references for the x- and y-coordinates for each page, Lookup(T, id[k]) is a subroutine
that, upon the input of the dictionary T and a token identifier id[k], returns a token image t in T corresponding to the
given identifier, and Draw(x,y,t) is a subroutine that draws the token image t at the location (x,y).

Render(D)
{
    Load T into memory
    for i = 1 to P do
    {
        Load L_i into memory
        x = x_0
        y = y_0
        for k = 1 to |L_i| do
        {
            x = x + x[k]
            y = y + y[k]
            t = Lookup(T, id[k])
            Draw(x, y, t)
        }
    }
}

[0111] In addition to the shifting transformation x' = x + a, y' = y + b as used in the schematic rendering process
described above, there are several other coordinate transformations that may occur during the document rendering.
[0112] Scaling. The scaling transformation is of the form x' = ax, y' = by, where a and b are scaling factors for the
x-coordinate and y-coordinate, respectively. Scaling may be caused by resizing the display window or print paper.
[0113] Rotation. The rotation transformation is



for some constants a, b, c, d, which form a 2-by-2 rotation matrix. This transformation is needed when the page image
is rotated.

[0114] Affine Transformation. An affine transformation is one of the form x' = ax + by + e, y' = cx + dy + f for some
constants a, b, c, d, e, f. In the vector form, it is:



Clearly, shifting, scaling and rotation transformations are special cases of affine transformations. It is those affine type
transformations that make it possible to achieve a high-level trusted rendering under encryption of coordinate
information using additive encryption schemes described below.
[0115] A special class of encryption schemes, namely, additive encryption schemes, are used to carry out blind
transformation of functions of the affine type, which provides a foundation for trusted rendering of documents. Blind
transformation by a rendering transformation R and R' of an encrypted document satisfies the relationship: D(R'(E(x)))
= R(D(E(x))), where E is an encryption function and D is a decryption function for E. If E(x) is an additive encryption
scheme, then R' = R.

[0116] An encryption scheme S generally consists of basically five components: (i) a message space X which is a
collection of possible messages, (ii) a ciphertext space Y which is a collection of possible encrypted messages, (iii) a
key space K which is a set of possible keys, (iv) a computationally efficient encryption function E: K × X → Y and (v)
a computationally efficient decryption function D: K × Y → X. For each key k ∈ K, there is a unique key k^-1 ∈ K, such
that the encryption function E_k = E(k, ·) : X → Y and decryption function D_{k^-1} = D(k^-1, ·) : Y → X satisfy that, for every
message x ∈ X, D_{k^-1}(E_k(x)) = x. The key k is called an encryption key and k^-1 its corresponding decryption key.

[0117] Such defined encryption schemes can be varied in several ways to cover a wide range of concrete encryption
schemes used in practice. One variation is to consider whether or not keys used for encryption and decryption are
different. In the case where all encryption keys k are same as their corresponding decryption keys k^-1, the scheme is
a symmetric (or private-key) one; otherwise, the scheme is asymmetric. In the case where, for all possible k, k^-1 is
different from k and computationally difficult to derive from k, the scheme is a public-key encryption scheme.

[0118] Another variation is to differentiate deterministic and probabilistic encryption schemes. In a deterministic
scheme, all the encryption and decryption functions E_k and D_{k^-1} are deterministic functions, while in a probabilistic
scheme the encryption function E_k can be non-deterministic, namely, applying the function to a message twice may
result in two different encrypted messages.

[0119] An additive encryption scheme is an encryption scheme whose message space X and ciphertext space Y
possess some additive structures and encryption function E_k = E(k, ·) : X → Y is homomorphic with respect to the additive
structures. Specifically, let X = (X, +, 0) and Y = (Y, ⊕, 0) be two commutative semigroups with (possibly different) zero
elements 0 satisfying, for example, for all x, x + 0 = x and 0 + x = x, and efficient operations + and ⊕. An encryption
scheme is said to be additive if, for any k ∈ K and any x, x' ∈ X, E_k(x + x') = E_k(x) ⊕ E_k(x'), and the operation ⊕ does
not reveal the clear messages x and x'. The last condition on ⊕ makes additive encryption schemes non-trivial. Without
this condition, the operation ⊕ on Y can be trivially defined y ⊕ y' = E_k(D_{k^-1}(y) + D_{k^-1}(y')); that is, it is accomplished by
first decrypting the arguments, then adding them together and finally re-encrypting the result.
[0120] Closely related to additive encryption schemes are multiplicative ones. An encryption scheme is said to be
multiplicative if its spaces X and Y have the ring structures (i.e., in addition to their additive structures, they have
respective multiplications × and ⊗ that are distributive over their additions + and ⊕, and multiplicative identities), the
encryption function E_k is homomorphic with respect to the multiplications, E_k(x × x') = E_k(x) ⊗ E_k(x'); and the operation
⊗ does not reveal the clear messages x and x'.

[0121] In general, additive (as well as multiplicative) encryption schemes are not non-malleable, since a non-malleable
scheme requires that, given an encrypted message, it is (at least computationally) impossible to generate a different
encrypted message so that the respective clear messages are related. Accordingly, they have a weakness against
active attacks where the adversary attempts to delete, add or alter in some other way the encrypted messages.
However, when these schemes are used to encrypt documents, extra measures in data integrity and message authentication
can be taken to reduce risks caused by these active attacks on document integrity as well as confidentiality. Moreover,
end users are less motivated to initiate active attacks, as the attacks will affect document contents that the users are
going to use and consume.

[0122] Not all encryption schemes can be defined as additive ones in an easy and natural manner. In fact, some
encryption schemes are designed with a requirement of being non-additive or at least being able to convert into
non-additive. Nevertheless, there are many examples of additive encryption schemes that can be used in the method of
format-preserving encryption and trusted document rendering. Mult, Exp and EG (three deterministic schemes), OU
(probabilistic) and RSA are examples of additive encryption schemes (with varying degrees of vulnerability to attack)
that may be used in the format preserving method.

[0123] Multiplicative Cipher (Mult) is a symmetric encryption scheme, where X = Y = Z_n = {0, 1, ... n-1} for some
integer n > 0. The encryption of a message x using a key a is

y = E_a(x) = ax (mod n)

and the decryption of a message y using a key a is

x = D_a(y) = a^-1 y (mod n),

where a^-1 is the multiplicative inverse of a modulo n.

[0124] Exponential Cipher (Exp) is a symmetric cipher, where X = Z_{p-1} and the ciphertext space Y = Z_p for some
prime p, and K is the set of all generators of the multiplicative group Z*_p. For any generator g ∈ K, the encryption
function is defined as the exponential function

E_g(x) = g^x (mod p),

while the decryption function is defined as the logarithm function

D_g(y) = log_g y (mod (p-1)).

[0125] Semi-probabilistic ElGamal Cipher (EG) extends the exponential cipher to the ElGamal cipher, which leads
the ElGamal cipher to run in a semi-probabilistic mode. For each message x ∈ Z_p, where Z_p = {1, ... p-1} for some
prime p, g is a generator in the multiplicative group Z*_p, the private decryption key for a user is a random number a ∈
Z*_{p-1}, the public encryption key α = g^a (mod p) ∈ Z_p, the encryption E_α(x, r) depends on a uniformly chosen random
number r ∈ Z*_{p-1}:

E_α(x, r) = (g^r (mod p), x α^r (mod p)) = (s, t).

For an encrypted message (s, t), the decryption function is defined as

D_a(s, t) = t (s^a)^-1 (mod p).

[0126] The ElGamal cipher in its original form as described above is hardly additive. However, the operator ⊕ can
be partially defined on the ciphertext of those x's that share a same random number r, as follows:

E_α(x, r) ⊕ E_α(x', r) = (s, t) ⊕ (s, t') = (s, t + t') = E_α(x + x' (mod p), r).

This partially defined operation is applicable when a batch of messages are encrypted using a same random number r.
[0127] Okamoto-Uchiyama Cipher (OU). Okamoto and Uchiyama proposed an additive, public-key encryption
scheme in T. Okamoto and S. Uchiyama, "A New Public-Key Cryptosystem as Secure as Factoring", Eurocrypt'98,
Lecture Notes in Computer Science 1403, 308-318, 1998, which is probabilistic and provably as secure as the
intractability of factoring n = p^2 q against passive adversaries. Choose two large primes p, q of k bits for some k > 0, and let
n = p^2 q. Choose g ∈ Z*_n at random such that the order of g_p = g^(p-1) (mod p^2) is p. Let h = g^n (mod n). The message
space X of the OU scheme is the set Z_p (not the set {1, ... 2^(k-1)} as claimed by Okamoto and Uchiyama) and the ciphertext
space Y is Z_n. For a user, a public key is a tuple (n, g, h, k) and its corresponding private key is the pair (p, q) of the
primes. To encrypt a message x ∈ X, a random number r is chosen uniformly. Then the encrypted message is

To decrypt the encrypted message y, a "logarithmic" function L: Γ → Γ,

L(x) = (x - 1) p^-1 (mod p^2)

is used, where Γ is the p-Sylow subgroup of Z*_{p^2}, i.e., Γ = {x ∈ Z*_{p^2} | x ≡ 1 (mod p)}. With the function L, the decryption
function is

x = D_{p,q}(y) = L(y^(p-1) (mod p^2)) L(g^(p-1) (mod p^2))^-1 (mod p).

[0128] New additive encryption schemes can be constructed from existing ones via the composition construction of
encryption schemes. The composition construction can also be used to construct additive encryption schemes from
non-additive ones. For instance, the composition of the exponential cipher Exp and any multiplicative encryption
scheme S (such as RSA) results in an additive one.

[0129] Additive encryption schemes enable blind transformation with partially encrypted data, which serves as a
foundation for trusted rendering of documents, as discussed above. In particular, additive encryption schemes can be used
to perform blind transformation of affine functions with clear coefficients and encrypted variables.
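
The blind-transformation protocol of [0102] and the affine construction of [0105], worked through as an added example that is not part of the patent text. It uses the multiplicative cipher Mult of [0123] as the additive scheme; the modulus, the function names and the sample transform are constructed for illustration.

```python
"""Blind evaluation of an affine map under an additive cipher (added example).

Scheme: the multiplicative cipher Mult, E_a(x) = a*x (mod n).
Modulus, keys and sample data below are constructed for illustration.
"""
import secrets

N = 2**61 - 1  # constructed modulus; prime, so every key in 1..N-1 is invertible


def keygen(n=N):
    return secrets.randbelow(n - 1) + 1


def encrypt(key, x, n=N):
    return (key * x) % n


def decrypt(key, y, n=N):
    return (pow(key, -1, n) * y) % n


def to_signed(v, n=N):
    """Map a residue back to a signed integer (coordinates may be negative)."""
    return v - n if v > n // 2 else v


def oplus(y1, y2, n=N):
    """Ciphertext addition. For Mult it is addition mod n and needs no key."""
    return (y1 + y2) % n


def scalar(b, y, n=N):
    """b-fold oplus of y with itself (b may be negative): b*y mod n."""
    return (b * y) % n


def affine(coeffs, const, xs):
    """F(x_1..x_k) = x_0 + a_1*x_1 + ... + a_k*x_k, evaluated in the clear."""
    return const + sum(a * x for a, x in zip(coeffs, xs))


def blind_affine(coeffs, enc_const, enc_xs, n=N):
    """F'(y_1..y_k) = y_0 (+) b_1*y_1 (+) ... (+) b_k*y_k with b_i = a_i.

    This is everything the server runs: clear integer coefficients, an
    encrypted constant y_0 = E_k(x_0), encrypted variables, and no key.
    """
    acc = enc_const
    for b, y in zip(coeffs, enc_xs):
        acc = oplus(acc, scalar(b, y, n), n)
    return acc


def steve_transform(matrix, enc_offsets, enc_point):
    """Server side: apply a 2-D affine map, row by row, to an encrypted point."""
    return tuple(
        blind_affine(row, enc_off, enc_point)
        for row, enc_off in zip(matrix, enc_offsets)
    )


def run_protocol(points, matrix, offsets, key=None):
    """Steps (i)-(v): Cathy encrypts, Steve transforms blind, Cathy decrypts."""
    key = key or keygen()
    # (i)-(ii) Cathy encrypts her data and the constant terms, sends them.
    enc_offsets = [encrypt(key, e) for e in offsets]
    enc_points = [tuple(encrypt(key, c) for c in p) for p in points]
    # (iii)-(iv) Steve evaluates F' on ciphertexts and returns the results.
    enc_results = [steve_transform(matrix, enc_offsets, p) for p in enc_points]
    # (v) Cathy decrypts and recovers F(a, x).
    return [tuple(to_signed(decrypt(key, c)) for c in r) for r in enc_results]


# Constructed sample: rotate by 90 degrees, scale by 2, shift by (100, -40).
MATRIX = [[0, -2], [2, 0]]
OFFSETS = [100, -40]
POINTS = [(10, 0), (7, 12), (0, 25)]

if __name__ == "__main__":
    blind = run_protocol(POINTS, MATRIX, OFFSETS)
    clear = [tuple(affine(r, e, p) for r, e in zip(MATRIX, OFFSETS))
             for p in POINTS]
    print(blind, blind == clear)
```

The result is only correct while every clear value stays below n/2 in magnitude, since `to_signed` has to tell negative coordinates from large positive ones.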

[0130] Returning to the example of a token-based document, since a token-based document D consists of a dictionary
T of token images and a sequence of location tables L_i (one for each page image), the idea is to encrypt the content
of the dictionary T and location tables L_i, resulting in a dictionary T' of encrypted token images and tables L'_i of encrypted
locations. Recall that the dictionary T consists of a collection of pairs (id[j], t[j]), j = 1, ... |T|. Associated with T is a
subroutine Lookup in the rendering process that, given a valid token identifier id, returns its corresponding token image
t in T. In encrypting the dictionary T, there are three basic choices: encrypting token identifiers, token images, or both.
Encrypting either identifiers or token images helps unlink the connection between the identifiers and their token images.
In addition, encrypting token images protects proprietary token images. In any case, it is desirable to allow valid access
to the dictionary only within the rendering process P, while making it computationally difficult to obtain a copy of the
entire, clear contents of the dictionary. This is possible because in many cases the valid identifiers (e.g., Huffman
codewords) are only a very small subset of all binary strings of up to a certain length, and consequently any exhaustive
identifier search will not be efficient.

[0131] More formally, given the dictionary T and the Lookup subroutine that accesses it, the requirement on encrypting
the dictionary is that the encrypted dictionary T' and the corresponding subroutine Lookup' satisfy the following
constraints:

(1) For any encrypted identifier E_k(id), Lookup'(T', E_k(id)) = E_k(Lookup(T, id)); and

(2) Given T' and Lookup', it is computationally infeasible to reconstruct T.

[0132] For an encryption scheme S, T' and Lookup' can be constructed as follows. Let ID be the set of all syntactically
possible identifiers; in particular, ID* ⊆ ID, where ID* = {id | (id, t) ∈ T}. Let h be a one-way hash function whose domain
is ID. Then the encrypted token dictionary T' is derived from T as follows: for every (id, t) pair in T, a pair (h(id), E_k(t)) is
inserted into T'. The modified subroutine Lookup' uses the algorithm:

Lookup'(T', id)
{
    id' = h(id)
    t' = Lookup(T', id')
    return(t')
}

Notice that the return value of Lookup' is an encrypted token image. The decryption of this image will be postponed
into the final subroutine Draw' in the rendering process, which is part of the trusted rendering described below.
[0133] This dictionary encryption is computationally feasible, both in terms of storage-space overhead and in terms
of running-time overhead, to compute with encrypted versions of token dictionaries. If the hashing and encryption
algorithms used in the Lookup' subroutine are secure enough, then it is computationally very difficult to recover T given
T' and Lookup'.

[0134] Since each entry in a location table L_i consists of an identifier, and location difference in x- and y-coordinates,
any combination of the three elements can be encrypted. To encrypt the location information, an additive encryption
scheme is recommended to enable applying any rendering transformation of the affine type to the location coordinates.
For identifiers, a trade-off between document compression and document protection must be made. In a token-based
document, a token identifier is usually a codeword of some coding scheme for the compression purpose. For example,
when the Huffman code is used to compress the document, the identifiers are the binary Huffman codewords of the
tokens based on their occurrence frequency in the document. In this case, simply using a deterministic encryption
scheme to encrypt these identifiers offers no effective protection on them. This is because the scheme does not change
the occurrence frequency of each token, and hence anyone can re-count the number of occurrences of the encrypted
identifiers to re-construct the Huffman codewords that are the identifiers. Therefore, in order to hide occurrence
frequencies of the tokens in the document, it is preferred to use a probabilistic encryption scheme to encrypt the identifiers.
However, this will interfere with the optimal encoding carried in the identifiers (codewords) and reduce the document
compression ratio. This may be undesirable for token-based documents, as achieving a good document compression
is one of the design goals for token-based documents.

[0135] A reasonable compromise for encrypting is suggested. Choose an additive encryption scheme S, preferably
a probabilistic, and asymmetric one like the Okamoto-Uchiyama cipher OU if encryption and decryption efficiency is
not a big problem. For each entry (id, x, y) in L_i, insert (id, E_k(x), E_k(y)) into L'_i. If it is also necessary to encrypt the
identifiers, entries like (E_k(id), E_k(x), E_k(y)) may be inserted into the location table L'_i. But in this case, the entries in the
encrypted dictionary T' need to be changed to (E_k(id), E_k(t)), and the subroutine Lookup' above also needs to be
modified to reflect the change.

[0136] With the format-preserving encryption of a token-based document mentioned above, the document content
can also be protected during the rendering process. The idea is to delay decryption into Draw'(x,y,t). The rendering
process is shown below.

Render'(D)
{
    Load T' into memory
    for i = 1 to P do
    {
        Load L'_i into memory
        x = E_k(x_0)
        y = E_k(y_0)
        for k = 1 to |L'_i| do
        {
            x = x ⊕ x[k]
            y = y ⊕ y[k]
            t = Lookup'(T', id[k])
            Draw'(x, y, t)
        }
    }
}

Draw'(x, y, t)
{
    x = D_{k^-1}(x)
    y = D_{k^-1}(y)
    t = D_{k^-1}(t)
    Draw(x, y, t)
}

During the process, all the coordinate and token image information remains encrypted before calling the subroutine
Draw'(x,y,t). This is possible for the coordinate information because the encryption scheme is additive. Consequently,
the content protection level and rendering process performance of the rendering process rely on the security strength
and computational complexity of the scheme used.
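
An added sketch (not code from the patent) of the dictionary and location-table encryption of [0132]-[0135] and the Render'/Draw' process above, which also reproduces the identifier-frequency leak described in [0134]. It assumes the Mult cipher of [0123] with a constructed key, SHA-256 as the one-way hash h, and single characters standing in for token images.

```python
"""Format-preserving encryption of a token-based page and Render' (added example).

Assumptions: Mult cipher with a constructed key, SHA-256 as the hash h,
one-character "token images". All document data below is constructed.
"""
import hashlib
from collections import Counter

N = 2**61 - 1            # constructed prime modulus
KEY = 0x1F3D5B79A2C4E6   # constructed key, 1 <= KEY < N


def E(x):
    return (KEY * x) % N


def D(y):
    return (pow(KEY, -1, N) * y) % N


def oplus(y1, y2):
    """Ciphertext addition for Mult: no key involved."""
    return (y1 + y2) % N


def h(token_id):
    return hashlib.sha256(token_id.encode()).hexdigest()


# Dictionary T: Huffman-style identifier -> token image (a character here).
T = {"0": "l", "10": "o", "110": "h", "111": "e"}
# Location table L: (identifier, dx, dy) differences from the previous token.
L = [("110", 2, 0), ("111", 1, 0), ("0", 1, 0), ("0", 1, 0), ("10", 1, 0),
     ("110", -4, 1), ("10", 1, 0), ("0", 1, 0), ("111", 1, 0)]


def encrypt_document(T, L):
    """T' holds (h(id), E(t)); L' holds (id, E(dx), E(dy))."""
    T_enc = {h(i): E(ord(t)) for i, t in T.items()}
    L_enc = [(i, E(dx), E(dy)) for i, dx, dy in L]
    return T_enc, L_enc


def lookup_prime(T_enc, token_id):
    return T_enc[h(token_id)]       # returns an encrypted token image


def draw_prime(canvas, x, y, t):
    """The only place where coordinates and image are decrypted."""
    canvas[(D(x), D(y))] = chr(D(t))


def render_prime(T_enc, L_enc, x0=0, y0=0):
    canvas, trace = {}, []
    x, y = E(x0), E(y0)             # base references enter encrypted
    for token_id, ex, ey in L_enc:
        x, y = oplus(x, ex), oplus(y, ey)
        t = lookup_prime(T_enc, token_id)
        trace.append((x, y, t))     # what an observer of the loop would see
        draw_prime(canvas, x, y, t)
    return canvas, trace


def to_lines(canvas):
    width = max(x for x, _ in canvas) + 1
    height = max(y for _, y in canvas) + 1
    rows = [[" "] * width for _ in range(height)]
    for (x, y), ch in canvas.items():
        rows[y][x] = ch
    return ["".join(r).rstrip() for r in rows]


def det_encrypt_id(token_id):
    """Deterministic identifier encryption (leading 1 keeps leading zeros)."""
    return E(int("1" + token_id, 2))


def identifier_counts(L, encrypt_id=None):
    """Occurrence counts of identifiers, clear or deterministically encrypted."""
    ids = [encrypt_id(i) if encrypt_id else i for i, _, _ in L]
    return sorted(Counter(ids).values(), reverse=True)


if __name__ == "__main__":
    T_enc, L_enc = encrypt_document(T, L)
    canvas, _ = render_prime(T_enc, L_enc)
    print(to_lines(canvas))
    # Same histogram before and after deterministic encryption of identifiers.
    print(identifier_counts(L), identifier_counts(L, det_encrypt_id))
```

Mult is deterministic and maps 0 to 0, so repeated or zero coordinate differences are visible in L'; that is the kind of leak that motivates the probabilistic scheme recommended in [0135].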

[0137] In another embodiment of the invention, a digital work is polarized enabling trusted rendering or replay of the
digital work without depolarization of the digital content or the presentation data. In this embodiment, the digital work
is the type which includes digital content and resource information (also called a system context). Resource information
includes formatting information or other information used by a replay or rendering application to convert the digital work
into presentation data.

[0138] Polarization is a type of transformation which renders the original content unreadable or unusable. For a digital
work w, a polarization scheme T, which uses a seed s, generates a polarized digital work w' according to: w' = T(w, s).
The same transformation T may also be used to generate the polarized resource information S' according to S' = T(S,
s). In this example, a seed s is used to make reverse engineering of the polarization scheme more difficult.
[0139] For example, a document type digital work may be polarized using a simple polarization scheme. In a
document, the digital content comprises a series of characters in a particular order or location. If the document is to be
displayed on a viewing device, each character must be able to be displayed at a particular location for viewing by a
user on the viewing device, such as on a monitor. A coordinate system is required for displaying each character on
the monitor, so each character in the document can be displayed on the monitor. The digital content contains coordinate
information which is referenced by the monitor's coordinate system. For example, in this paragraph, the letter "F"
appears at the top line, indented by five spaces.

[0140] A simple polarization scheme for Jumbling the text of the above paragraph is to translate the location of the 
5 letters with respect to the coordinate system. Each letter in the paragraph has an (x,y) location. Suppose the location 
(x,y) of each letter In the above paragraph are polarized using a seed (a.b) from a user's system. The following polar- 
ization functions may be used to polarize the above paragraph: 

Y = bv, for the vertical axis; and 
10 X s x/a. for the horizontal axis. 

[0141] In this example, the user's device coordinate system must be polarized in order for the replay appiication to 
transfonm the digital content into presentation data, i.e., display the pagraph on the monitor descrambted. The user's 
device coordinate system must be polarized using the same seed (a, b) to generate a polarized coortlinate system. 
IS The following transfonnation functions are used to compute both x and y locations of a gh^en point: 

Y « log^OO, for the vertical axis; and 
X » aX, for the horizontal axis. 

20 where log^ is the logarithm with base b. 

[0142] When the replay application obtains the location of a character in the polarized digital work, the location is
given by (X,Y) = (x/a, b^y). This value is then applied to the device coordinate system: (aX, log_b(Y)) = (x,y). Thus
the correct location of "F" is displayed on the user's monitor. In both cases of polarization, the polarized forms of the
resource information and the digital work maintain an inherent association. These complementary polarized forms of
the resource information and the digital work result in the basis for an effective mechanism to protect the digital work.
While the replay application is able to display the polarized digital work, it is only with the polarized system context that
the replay application is able to provide clear presentation data.
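The coordinate scheme of paragraphs [0140] to [0142], worked through as an added example that is not part of the patent text: glyph positions are polarized with X = x/a and Y = b^y, and only a device coordinate system polarized with the same seed places them correctly. The sample lines, the seed (4, 2) and all function names are constructed for illustration.

```python
import math

# Constructed sample: two lines of text, the first indented by five spaces.
LINES = ["     For a", "document"]
GLYPHS = [(ch, x, y) for y, line in enumerate(LINES)
          for x, ch in enumerate(line) if ch != " "]


def _check(seed):
    """The functions only invert cleanly for a != 0 and b > 1."""
    a, b = seed
    if a == 0 or b <= 1:
        raise ValueError("seed (a, b) needs a != 0 and b > 1")
    return a, b


def polarize_content(glyphs, seed):
    """Polarize each glyph location: X = x / a, Y = b ** y."""
    a, b = _check(seed)
    return [(ch, x / a, b ** y) for ch, x, y in glyphs]


def polarized_device(seed):
    """Polarized coordinate system: maps a stored (X, Y) to a screen cell."""
    a, b = _check(seed)

    def to_screen(X, Y):
        # x = a * X and y = log_b(Y); round() absorbs floating-point error.
        return round(a * X), round(math.log(Y, b))
    return to_screen


def clear_device():
    """Unpolarized coordinate system: stored values are used as they are."""
    def to_screen(X, Y):
        return round(X), round(Y)
    return to_screen


def replay(glyphs, to_screen, width=16, height=3):
    """Blind replay: the application places glyphs where the device says.

    It never sees the seed and never computes the clear (x, y) itself.
    """
    grid = [[" "] * width for _ in range(height)]
    for ch, X, Y in glyphs:
        col, row = to_screen(X, Y)
        if 0 <= row < height and 0 <= col < width:
            grid[row][col] = ch
    return ["".join(row).rstrip() for row in grid]


if __name__ == "__main__":
    seed = (4, 2)
    polarized = polarize_content(GLYPHS, seed)
    print(replay(polarized, polarized_device(seed)))    # readable
    print(replay(polarized, clear_device()))            # jumbled
    print(replay(polarized, polarized_device((3, 5))))  # wrong seed, jumbled
```

Both jumbled cases still produce a display: the replay application runs unchanged, and only the coordinate system it is given decides whether the output is readable.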

[0143] While polarization, in general, is not as rigorous a protection as encryption, depending on the sensitivity of
the digital work to be protected, different levels of polarization can be used. A sensitive work may require a high level
of polarization; a lower valued work may require a weaker type of polarization. If the user's environment is trusted, a
lower level of polarization may be used. An advantage to using a lower level of polarization is that it requires fewer
system resources to create the polarized digital work and to render or replay the polarized digital work. The type and
quality of the polarization seed may also be used in combination with the polarization scheme to determine the level
and strength of the polarization. For example, a more complex polarization seed (such as one containing authorization
information from a trusted source or a dynamic seed) will provide a higher level of polarization and strength.

[0144] Polarization typically occurs at the distribution or manufacturing location. Digital works are polarized usually
prior to distribution to the user or customer using a polarization scheme chosen by the manufacturer or distributor.
Resource information to be polarized may also be preselected in advance to delivery. Preferably a seed is used for
each polarization scheme. Also preferably, the seed is generated using information provided by the user's system
context.

[0145] When a user purchases a digital work, the user preferably provides information from the user system in which
the user intends to replay the digital work. This information may be used to generate the polarization seed for both the
polarized digital work and the polarized resource information (sometimes called the polarized system context). Then
the polarized digital work and polarized system context or polarized resource information are provided to the user.
Also, typically, but not needed for operation of this embodiment of the invention, the polarized digital work and polarized
system context may be encrypted prior to distribution to the user. Decryption of both the polarized digital work and
system context may be required prior to replay of the polarized digital work into presentation data, depending on the
encryption scheme used.

[0146] The process for creating a polarized digital work is divided into three steps. These steps are generation of
the polarization seed, polarization of the digital work, and polarization of the resource information. Once the polarization
seed is generated, the polarization engine is seeded with it. The polarization engine takes as input the digital work or
the resource information, and generates the polarized form of the digital work or the resource information based upon
the transformation function seeded with the polarization seed. During replay of the polarized digital work, the polarized
resource information is utilized to generate the presentation data and/or image data. The same or different polarization
transformation functions can be used for the digital work and the resource information.

[0147] A process for creating a polarized digital work is shown with reference to Figure 14. A digital work 1410
includes digital content and a set of resource information used for formatting and rendering the digital content into a
form usable or viewable by a user. The digital work 1410 goes through a process of content polarization 1420 in which
the digital content is polarized and the resource information is preserved, creating polarized digital work 1422. The
content polarization 1420 may occur as shown with reference to Figure 9. A digital work typically includes content,
instructions and formatting. While polarization can occur to the entire digital work, preferably only the content is
polarized; the instructions and formatting are not polarized. However, in some instances, for some replay applications, some
of the resource information contained within the digital work may also be polarized. This is similar for the format
preserving encryption method described above.

[0148] Resource extraction 1412 extracts at least one resource information from the set of resource information
associated with digital work 1410. Extraction consists of copying the resource information into a system resource file
1414. System resource 1414 is then polarized at resource polarization 1416 to become polarized system resource
1424. The polarization scheme for content polarization and resource polarization need not be the same. Preferably,
each polarization scheme employs a polarization seed 1418 which is generated by seed generator 1426. Several
exemplary methods for seed generation are described below. In particular, in a preferred embodiment, the polarization
seed is based on unique information from the user's system.

[0149] Several techniques for generation of the polarization seed may be used. For example, a seed generator which
generates a number from a random number generator may be used. This method, referred to as stateless polarization,
does not depend on any secret key information and user system information. The process for stateless polarization
yields a specific value for the system for polarization. The inherent vulnerability for digital security systems may be
found in mishandling secret information, mathematical complexity, and algorithmic complexity. Eliminating the secret
information seals off one target of attack. With stateless polarization, a random number generator produces the
polarization seed. In this case, once the polarization process is complete the seed is discarded without a trace. Hence, the
security of the system is free from attack focused on compromising the secret information, and the user need not
divulge sensitive information that may be deemed a privacy violation.

[0150] Another seed generator that may be used is a state-based generator. The state-based seed generator
constructs a seed by first acquiring system state information from the user's replay system or rendering device. System
state information includes hardware identifiers, system settings and other system state-related information. While there
is much value in stateless polarization, other security requirements may require use of an inseparable link to a particular
user system or device. By generating the polarization seed from system/device-specific information, the polarization
engine will produce a digital work that is polarized to a form that corresponds to a specific system/device.

[0151] The polarization seed generator can also be tied to an authorization process. In authorization-based
polarization, the seed generation can be tied in with the outcome of the authorization process. A separate authorization
repository (which is a trusted source) provides authorization information as part of some other security feature associated
with delivering access to a digital work to a user. The trusted source of authorization information may be an online
authorization repository as described in US Patent No. 5,629,980. This authorization information is then used to
generate a polarization seed.

[0152] If a stateless polarization seed is used, the digital work and its resource information may be polarized and
stored together for delivery to a user when a user purchases the associated rights of use for the particular digital work.
If one of the other polarization seed generation methods is used, polarization typically must wait until the user provides
the system state or authorization information before the digital work and resource information may be polarized.

[0153] An embodiment which provides a higher level of protection in terms of ensuring that the digital work may be
replayed only on a specific physical system or device uses a dynamic state-based polarization seed. In this
embodiment, a polarization engine and polarization seed generator must be provided to the replay application or rendering
device along with the digital work and resource information. In this embodiment, the digital work and resource
information are polarized prior to replay and rendering using a seed which is generated based on the dynamic state of the
particular system or device. The dynamic state may come, for example, from the system clock, CPU utilization, hard
drive allocation, cursor coordinates, etc. By polarizing the work using a snapshot of a dynamic state, the work is locked
to a particular system configuration (i.e., state) in time. Polarization of the digital work, and ultimately its blind replay
(described below), is based upon a dynamically evolving state. The evolution of the dynamic state does not yield unique
secret information that allows repeatability of the polarization process, and hence dynamic-state based polarization
makes compromising the polarized digital work and system context more difficult. Since the polarization process is
carried out within a trusted system, it is implied that the process cannot be deconstructed.

[0154] The actual process of polarization can be, as described in the example above, an algorithmic-based
transformation parameterized by the polarization seed. During polarization, the data and resource identifiers of the digital
work are transformed as described above. The structure of the digital work is unaltered, however, such that the original
format, such as PDF, DOC, WAV, or other format, is retained much like in the format preserving encryption. Similarly,
the polarization of the resource information yields a polarized form of the resource information such that the resource
identifiers, element identifiers and resource characteristics are transformed, yet the structure of the system context
remains unaltered. By polarizing the digital work and resource information according to the same seed based on a
user's specific device or system information, an inseparable relationship is established such that the work cannot be
replayed to its clear form with any other device or user system. If circulated in an unauthorized manner, the protection
remains in effect.

[0155] During blind replay, the unique characteristics of the polarized resource information enable the replay
application to properly replay the polarized digital work and generate unpolarized or clear presentation data. Because the
digital work and the resource information were transformed in a complementary manner, the polarized elements of the
digital work, such as the resource identifiers and data, unknowingly reference the complementary elements within the
resources of the system context. Due to the matching transformation, the proper elements within the context are
identified by the replay application such that the resultant presentation data appears in the clear. Hence, the work is
protected until the last possible moment after replay.

[0156] As discussed earlier, the conventional distribution of digital works via the web is relatively straightforward.
The work is created using an editor, posted to a web site, accessed by the user audience and replayed in a viewer or
on a display system. If a content owner does not desire to protect his/her digital work (or if the content owner trusts all
users who will receive the work), the digital work is provided "in the clear", i.e., without any encoding, encryption or
other protection for direct use by any user.

[0157] If the digital work is downloaded onto the user's system, it is typically stored in memory. If the digital work is
provided via a storage media, such as floppy disk or CD-ROM or DVD-ROM, the digital work is usually accessed
directly from storage media.

[0158] In order to play the digital work, referring to Figure 15, the digital work 1510 is provided to a replay application
1512. In the case of a document or other type of digital work which requires formatting information or resource
information, the digital work will include digital content plus resource information setting forth the particular system context
or system resources needed by the replay application to process the digital content. For example, the digital work 1510
may be a text document in which the text is displayed using the Arial font. When replay application 1512 accesses
resource information on digital work 1510 indicating Arial font is used, it accesses the appropriate system resources
1516 (which in this case is the Arial font table) and uses the system resource information to convert the digital content
into presentation data 1514.

[0159] In some replay applications, converting the digital content into presentation data is sufficient for use by the
user. In others, presentation data is only an intermediate form which must be further converted. For example, in the
case of a display system 1524 which is a printer, the presentation data 1514 must be further rendered by rendering
application 1518. Rendering application 1518 may be a decomposer within the printer. Rendering application 1518
uses other system resources 1516 to transform the presentation data 1514 into image data 1520. Image data 1520 is
in a form which can be directly displayed on display device 1522 (in the case of a printer, output as a printed document).

[0160] In addition to the earlier described systems and methods for protecting a digital work during replay, a digital
work may be protected during replay by polarizing the digital work in accordance with a first polarization scheme which
produces polarized content and preserves the digital work's resource information. A portion of the digital work's resource
information is copied and polarized in accordance with a second polarization scheme. Referring to Figure 16, replay
application 1612 uses the polarized resource information 1614 (and any other system resource information 1616 that
may be required) to transform the polarized digital work 1610 into clear presentation data 1618. Presentation data is
necessarily in the clear, which means it can be captured by other programs (such as a screen capture utility program).
However, the output of such other programs is not in the same format and frequently not of the same fidelity as the
original digital work.

[0161] The polarized resource information can be thought of as acting like a polarizing filter to bring the polarized
digital content into a clear image (presentation data). This system is a blind replay system in that the replay application,
which can be any commercial application, does not know or need to know the clear digital content. Blind replay operates
for any transformation function R, such that R(w*, s*) = R(w, s), where w* is the polarized digital content, w is the clear
digital content, s* is the polarized resource information and s is the unpolarized resource information. Blind replay of
polarized digital works using polarized resource information is different from blind transformation described above in
that blind replay produces clear presentation data without having to depolarize it. In blind transformation, the replay
application converts the encrypted digital work into encrypted presentation data, which must then be decrypted. In both
cases, the user does not see the original digital work in clear form.

[0162] Blind replay (also called blind rendering) using a polarized digital work and polarized resource information
can be used alone to protect the digital work during replay as well as in addition to regular encryption. For example,
the polarized digital work and polarized resource information may be encrypted to protect it during distribution, then
decrypted at the user's system into the polarized digital work and polarized resource information. The user must first
obtain permission from the content owner or the distributor acting on behalf of the content owner (in order to decrypt
the encrypted digital work). Once the user is qualified, the encrypted polarized digital work and the encrypted polarized
resource information are decrypted and the polarized digital work is replayed in the replay application using the
polarized resource information.

[0163] The complexity of rendering a digital work into a usable form for viewing by a user can be used to further
protect the digital work during replay. Referring to Figure 17, polarized digital work 1710 is provided to replay application
1712, which uses polarized system resources 1716 and other system resources 1718 to transform polarized digital
work 1710 into partially polarized presentation data 1714. In this embodiment, display system 1728 is needed to
transform presentation data into a form usable by the user. Partially polarized presentation data 1714 is provided to rendering
application 1720 which uses polarized system resources 1716, local system resources 1722 and system resources
1718 to transform the partially polarized presentation data 1714 into clear image data 1724. Clear image data 1724 is
then displayed on display device 1726 for use by the user. In this embodiment, presentation data is still polarized,
taking the location of the clear data to a later point of the display process and providing further protection.

[0164] To enhance usability of the system for polarization of digital works, the polarized resource information may
be separated from the digital work and tied to a transportable device such as a smart card. In this embodiment, the
replay application 1712 plays back the work using the polarized system resources 1716. Instead of having the polarized
system resources 1716 stored in a local memory, along with the polarized digital work 1710, the polarized system
resources 1716 is stored in a transportable device such as a smart card. Also, the smart card, possibly with
hardware-enhanced features, may possess attributes that provide for tamper resistance. Within the transportable context, the
polarized data is processed by the replay application 1712 to yield the partially polarized presentation data and then
provided to the rendering application 1720.

[0165] Many different types of digital works can be protected throughout use using the polarization method. For
example, if the digital work is a document or text file, the replay application may be a word processor; system resources
or resource information may include font tables, page layout, and color tables. If the digital work is audio or video data
(e.g., streams), the replay application may be an audio or video player. The presentation data will be the audio/video
final data stream. The display system may be an audio/video device. The rendering application may be the audio/video
device driver. The image data may be the audio/video device data stream and the display device may be the audio/video
rendering device (speaker or monitor, for example).

[0166] For a digital work that is an audio/video data stream, the system resources or resource information may
include characteristics of the audio/video device: sample rate (samples per second - e.g., 8 kHz, 44.1 kHz), sample
quality (bits per sample - e.g., 8, 16); sample type (number of channels - e.g., 1 for mono, 2 for stereo), and sample
format (instructions and data blocks). A table of some audio/video data streams and their corresponding resource
information or variable parameters which can be selected for polarization is set forth below:

Table 1: Digital Work: A/V Data (Streams)

Extension   Origin          Variable Parameters (#Fixed)    Compression   Player
---------   -------------   -----------------------------   -----------   ------------
.mp3        MPEG standard   sample rate, quality, #type     MPEG          MP3 Player
.ra         Real Networks   sample rate, quality, #type     Plug-Ins      Real Player
.wav        Microsoft       sample rate, quality, #type     ADPCM         Window Media
.snd        Apple           sample rate, #quality, #type    MACE          QuickTime

[0167] The structure of a digital work can be used advantageously for polarization. While it is possible to polarize
the entire digital work, it is more convenient to polarize only a portion of the digital work. Most digital works include
three primary elements: instructions, data, and resources. Preferably, only the data and resources of the digital work
are polarized, much like the format preserving encryption method described above. By selectively transforming only
the data and resources, a digital work may be transformed such that the content remains in the original format, yet the
data and resources are incomprehensible.

[0168] The general layout of a digital work of the document type is shown in Figure 18. In Figure 18, digital work 150
includes Page Descriptor 152, Control Codes 154, 158 and 162, Resource Identifier 156, and Data 160 and 164. The
Page Descriptors 152 define the general layout of a work. For instance, the page size, page number, and margins fall
into the category of Page Descriptors with respect to digital documents. Control Codes 154, 158 and 162 are similar
in that they describe the presentation of the content. Examples include commands to set text position, output text, set
font type, and set current screen coordinates. Resource Identifiers 156 simply reference the desired resources. In the
digital document realm, resources could vary from font typeface to background color. Finally, Data 160, 164 represent
the core information communicated by the digital work. This could be the drawing coordinates used in a multimedia
clip or the character codes for rendering as a digital document.

[0169] An example of a digital work (in this case a simple digital document) and one of its polarized forms are shown
in Figures 19 and 20, an HTML document in clear and polarized form. The tags <html> and <body> are Page
Descriptors. The <font>...</font> tag is an example of a Control Code for setting font resource characteristics, while "Arial"
and "14" are Resource Identifiers for an Arial typeface, 14 point font. The "Hello World" text is the Data, or the core
information of the work. The <p> is another Control Code to signal the beginning of the paragraph. Finally, the document
is closed out with Page Descriptors </body> and </html> to identify the end of the document.

[0170] Figure 20 shows what the digital work of Figure 19 looks like in a polarized form. It can be seen that the Page
Descriptor and Control Code tags remain unaltered; the <html>, <body> and <font> tags are unchanged. Whereas,
the Resource Identifiers, "Arial" and "14", have been transformed to indecipherable values. Similarly, the Data, "Hello
World", has also been transformed to an indecipherable value. By transforming the Resource Identifiers and the Data,
the content is rendered meaningless while in the polarized form. Yet, the fact that the Page Descriptors and Control
Codes remain intact allows for the document to retain its original format, which in general could be HTML, Adobe PDF,
RealNetworks RAM, Apple QuickTime, etc.

[0171] The system context (or system resources or resource information) can be thought of as the collection of
system resources available to a replay application on a particular system. For example, it may include the Font Table,
Color Palette, System Coordinates and Volume Setting. When a digital work is input to a replay application, the replay
application uses the particular resource information contained within the digital work to transform the digital content
into presentation data. Each system context or resource information contained within a digital work is or can be altered
to be unique to a system for which it can be replayed. The system context is a required element for the use of the
digital work, tying use of the digital work to a specific system or physical device or replay application for replay. The
Resource Identifiers and Data within the digital work may either directly or indirectly reference elements contained
within the system context. Polarizing the digital work and system context enables blind rendering into clear presentation
data. By polarizing the system context with a polarization seed that is tied to a unique system, the resulting polarized
system context can be a unique environment in which a complementary polarized digital work, which has been polarized
with the same polarization seed, may be accessed and replayed.

[0172] Figure 21 illustrates a typical configuration of the system context. The elements include the resource identifier
(ResID), element identifier (ElemID), and resource characteristics (Characteristics). The ResID includes pertinent
information for other system components to reference the resources. The ElemID is the identifier of an individual element
within the resource. Finally, the Characteristics are the actual resource characteristics used to express the individual
resource element.

[0173] Figure 22 is an illustration of the resource for the font table pertaining to the Arial typeface. The key resource
identifier in this case is the font name, "Arial". Following the ASCII convention, the number 48 identifies the individual
resource element identifier. The resource element characteristics for the ElemID represent the information to express
the letter 'a'.

[0174] Figure 23 is an illustration of the polarized system context for the font resource shown in Figure 22. The
resource identifier itself is transformed to "k13k2". The element identifier itself need not be transformed, as it is sufficient
to transform the resource characteristics alone. In this case, "48" is depicted as transformed to express the
characteristics for 'Y' instead of 'a'.
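The document and font-table polarization of paragraphs [0167] to [0174], together with the blind replay property R(w*, s*) = R(w, s) from [0161] and a state-based seed as in [0150], as an added example that is not part of the patent text. The patent does not specify the transformation functions: the use of SHA-256 and HMAC, the token model of the document, the device strings and every function name here are assumptions made for illustration, and only the typeface is modelled as a resource identifier.

```python
import hashlib
import hmac

PRINTABLE = range(32, 127)  # ElemIDs: printable ASCII character codes

# Constructed sample modelled on the "Hello World" document of Figure 19.
WORK = [
    ("descriptor", "<html>"), ("descriptor", "<body>"),
    ("control", "<font face="), ("resid", "Arial"), ("control", ">"),
    ("control", "<p>"), ("data", "Hello World"),
    ("control", "</font>"), ("descriptor", "</body>"), ("descriptor", "</html>"),
]
# Constructed system context: ResID -> {ElemID: characteristics}. The
# characteristics of a glyph are stood in for by the character it draws.
CONTEXT = {"Arial": {code: chr(code) for code in PRINTABLE}}


def state_seed(hardware_id, settings):
    """State-based seed: a hash over device-specific state (assumed scheme)."""
    return hashlib.sha256(f"{hardware_id}|{settings}".encode()).digest()


def code_permutation(seed):
    """Seed-keyed permutation of the ElemIDs, ordered by HMAC(seed, code)."""
    ordered = sorted(
        PRINTABLE,
        key=lambda c: hmac.new(seed, bytes([c]), hashlib.sha256).digest())
    return dict(zip(PRINTABLE, ordered))


def polarize_resid(seed, resid):
    """Replace a resource identifier with an opaque seed-dependent name."""
    tag = hmac.new(seed, b"resid:" + resid.encode(), hashlib.sha256)
    return "k" + tag.hexdigest()[:8]


def polarize_work(tokens, seed):
    """Transform Resource Identifiers and Data; keep descriptors and controls."""
    perm = code_permutation(seed)
    out = []
    for kind, value in tokens:
        if kind == "resid":
            value = polarize_resid(seed, value)
        elif kind == "data":
            value = "".join(chr(perm[ord(ch)]) for ch in value)
        out.append((kind, value))
    return out


def polarize_context(context, seed):
    """Rename each ResID and move characteristics to the permuted ElemID.

    The set of ElemIDs is unchanged; each one now expresses another glyph.
    """
    perm = code_permutation(seed)
    return {polarize_resid(seed, resid): {perm[e]: glyph
                                          for e, glyph in table.items()}
            for resid, table in context.items()}


def replay(tokens, context):
    """Replay application: plain table lookups, no knowledge of any seed.

    An unknown ResID falls back to the first resource, as a viewer would
    fall back to a default font.
    """
    font = next(iter(context.values()))
    shown = []
    for kind, value in tokens:
        if kind == "resid":
            font = context.get(value, font)
        elif kind == "data":
            shown.extend(font.get(ord(ch), "?") for ch in value)
    return "".join(shown)


if __name__ == "__main__":
    seed = state_seed("HW-0001", "1024x768")        # constructed device state
    work, ctx = polarize_work(WORK, seed), polarize_context(CONTEXT, seed)
    print(replay(work, ctx))                         # Hello World
    print(replay(work, CONTEXT))                     # unreadable
    other = state_seed("HW-0002", "1024x768")        # a different device
    print(replay(work, polarize_context(CONTEXT, other)))  # unreadable
```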

[0175] Polarization and blind rendering may be used for many different types of digital works. In addition to
documents, polarization and blind rendering may be used for audio/video data. As noted above, audio/video data is generally
provided in the form of streams. A replay application is the audio/video player which transforms the digital audio/video
stream into a final data stream which can be processed by a transducer (speaker) into an audio output or by a display
into a video image.

[0176] Referring to Figure 17, replay application 1712 corresponds to an audio/video player which generally operates
by sampling the audio/video input streams 1710 at some sample rate, quality and type accepted by a target audio/video
device. It uses the audio/video system resources to sample, mix and produce audio/video streams and then
mixes the resampled audio/video streams to produce a final audio/video stream in a format expected by the target
device. In the case of an audio/video player, the presentation data 1714 is the final mixed audio/video stream at some
sample rate, quality, type and format expected by a target audio/video device.

[0177] The target audio/video device (e.g., rendering application 1720) is some hardware system that is able to
convert the audio/video stream (presentation data 1714) at a specific sample rate, quality, type (channel) and format
(e.g., PAL or NTSC) to the device audio/video data 1724. Examples of audio devices include sound cards, speakers,
monitors and the digital to analog converter located within the audio/video device. Many devices are able to play
audio/video streams at a range of different sample rates. Image data 1724 (e.g. an audio signal or a video image stream) is
generated by the audio/video device driver 1720 and "consumed" by the display device 1726.

[0178] For example, to polarize an audio/video data stream, it may be split into two or more separate streams. One
stream is polarized and one stream is unpolarized. Each stream may have different device characteristics (resource
information): sample rates, channels, qualities and/or formats associated with it. The device characteristics (one or
more of the stream's sample rates, channels, qualities and/or formats) may also be polarized to generate the polarized
resource information.

[0179] Blind replay of the polarized audio/video stream is accomplished in a similar manner as for a polarized digital
document. The replay application (audio/video player) mixes together the unpolarized stream and the polarized stream,
and using the polarized resource information, produces a polarized final data stream for the target audio/video device
with a correct set of resource information. The target device (1720) uses the polarized resource information to play the
polarized data stream, generating clear sound/visual effects (1724).

[0180] While certain exemplary embodiments of the invention have been described in detail above, it should be
recognized that other forms, alternatives, modifications, versions and variations of the invention are equally operative
and would be apparent to those skilled in the art. The disclosure is not intended to limit the invention to any particular
embodiment, and is intended to embrace all such forms, alternatives, modifications, versions and variations. For
example, the portions of the invention described above that are described as software components could be implemented
as hardware. Moreover, while certain functional blocks are described herein as separate and independent from each
other, these functional blocks can be consolidated and performed on a single general-purpose computer, or further
broken down into sub-functions as recognized in the art. Accordingly, the true scope of the invention is intended to
cover all alternatives, modifications, and equivalents and should be determined with reference to the claims set forth
below.



Claims 

1. A method of creating a polarized digital work, wherein the digital work includes digital content and resource
information for use by an application that transforms digital content into presentation data, comprising:

generating a polarization seed for use in a polarization scheme;

generating a system resource by copying a portion of the digital work's resource information, wherein the
system resource includes resource information specific to the digital work for use by the application; and

polarizing the digital work in accordance with a first polarization scheme which polarizes the digital content
while preserving the resource information, using the polarization seed;

polarizing the system resource in accordance with a second polarization scheme using the polarization seed;
and

wherein the application uses the polarized system resource to transform the polarized digital work into clear
presentation data.

2. The method of claim 1 wherein the first polarization scheme and the second polarization scheme are the same. 

3. The method of claim 1, wherein the polarization seed comprises a random number.

4. A protected digital work for use by an application which transforms digital content into presentation data,
comprising:

a digital work including digital content and resource information, wherein the digital content has been polarized
in accordance with a first polarization scheme which polarizes the digital content using a polarization seed
while preserving the resource information, wherein the resource information is used by the application for
transforming the digital content into presentation data; and

a system resource comprising a copy of a portion of the digital work's resource information, wherein the system
resource has been polarized in accordance with a second polarization scheme using the polarization seed; and

wherein the application uses the polarized system resource to transform the polarized digital work into clear
presentation data without revealing the digital content.

5. The digital work of claim 4 wherein the first polarization scheme and the second polarization scheme are the same.

6. The digital work of claim 4 wherein the polarization seed comprises a random number.

7. A method of protecting a digital work during replay, wherein the digital work comprises digital content and resource
information, comprising:

providing a replay application, wherein the replay application uses resource information to transform digital
content into presentation data;

providing a polarization seed;

providing a polarized digital work, wherein the digital content has been polarized in accordance with a first
polarization scheme which polarizes the digital content using the polarization seed while preserving the
resource information, wherein the resource information is used by the application for transforming the digital
content into presentation data;

providing a polarized system resource, wherein the system resource has been polarized in accordance with
a second polarization scheme using the polarization seed; and

executing the replay application, wherein the replay application uses the polarized system resource to
transform the polarized digital work into presentation data.

8. The method of claim 7, wherein the first and second polarization schemes are the same.

9. The method of claim 7, further comprising providing the presentation data to an output device. 

10. A method of protecting a digital work during replay, wherein the digital work comprises digital content and resource
information, comprising:

providing a first replay application, wherein the first replay application uses resource information to transform
digital content into presentation data;

providing a second replay application, wherein the second replay application uses resource information to
transform presentation data into image data for display on an output device;

providing a polarization seed;

providing a polarized digital work, wherein the digital content has been polarized in accordance with a first
polarization scheme which polarizes the digital content using the polarization seed while preserving the
resource information, wherein the resource information is used by the application for transforming the digital
content into presentation data;

providing a polarized system resource, wherein the system resource has been polarized in accordance with
a second polarization scheme using the polarization seed;

executing the first replay application, wherein the first replay application uses the polarized system resource
to transform the polarized digital work into partially unpolarized presentation data; and

executing the second replay application, wherein the second replay application uses the polarized system
resource to transform the partially unpolarized presentation data into image data.